Actu
Infosecurity Europe says better IT security education could have prevented the high-level SCADA water systems hack in the US
November 2011 by Infosecurity Europe
Commenting on reports that a SCADA-based water system in the US has been hacked by cybercriminals - apparently based in Russia - the organisers of the Infosecurity Europe show say this highlights the very real dangers that hackers now pose to everyone in society.
According to Claire Sellick, the show’s event director, the hack appears to stem from an incursion into the SCADA software vendor’s systems, raising the spectre of other water systems in the US - and elsewhere in the world - being vulnerable to attack.
"The prospect of water systems being remotely compromised by hackers does not bear thinking about, as our society relies on water for factories and everyday mundane chores such as washing and showering. And of course, everyone drinks water, so the prospect of our domestic or office water supply being flooded with chemicals - released en-masse by the hackers - does not bear thinking about," she said.
"More than anything, these reports highlight the need for better education on IT security amongst organisations of all sizes. If the IT staff at the software vendor that is alleged to have been hacked understood the reason why their systems needed to be better defended, then it’s likely this high-level compromise would not have happened," she added.
The Infosecurity Europe show event director went on to say that the fact that various US agencies have been involved in issuing warnings - including the Department for Homeland Security - illustrates the potentially serious nature of this IT systems compromise.
It’s very likely, she explained, that in gaining access to the vendor’s systems, the hackers were able to work out the default settings for the software, as well as the way IDs and passwords on a default system are constructed.
From there, she says, it would be a simple task to work out what IDs and passwords would be likely to work on SCADA-connected water utility company systems.
And it’s against this backdrop, Sellick notes, that a central focus of the Infosecurity Europe show is dedicated to providing the highest level of free education to attendees.
"Next year’s show - which takes place at London’s Earl’s Court exhibition centre from the 24th to the 26th of April - will offer a variety of education facilities, offering a range of high quality, multi-format methods of delivering education and training to visitors to meet all possible educational needs," she said.
"Year after year, the show’s education programme attracts true luminaries of the information security sphere, covering every important sector within government, vendor and end-user communities alike. It is this unique formula that brings visitors back to the show and draws the experts that make Infosecurity Europe an unmissable event in the exhibition calendar," she added.
For more on the Infosecurity Europe show: http://www.infosec.co.uk
