Saturday, August 02, 2008

Is Digital Bond's SCADApedia arming attackers?

Unless you've subscribed to the RSS feed, you've probably missed all the cool stuff on SCADApedia, like a list of control systems ports (watch out for typos or other errors, though, on BACnet and Modbus/TCP of all things!). Several years ago I can remember a fairly high-level official in a government critical infrastructure protection group commenting that this sort of information should not be made public, and of course I would guess that over 75% of the "real SCADA Security experts" (you know, the ones that come out of an automation background, hold a PE, use the term "Cyber Security" without a trace of irony) would think this sort of information is dangerous. Or how about the members of the upcoming PCSF Panel on Vulnerability Disclosure (I ran the first one back in 2006, which led to some controversy)?

It will be interesting to see how much (or how little) things have changed since then.

4 comments:

teb said...

Post a list of default usernames and passwords for control system interfaces and devices.. then people might sweat a little.

Matt Franz said...

That would be cool. Sounds like a good first project for your new gig ;)

GridEngineer said...

Matt,

I think SCADApedia is arming the defenders more than the attackers. Considering the Control System experience of your usual firewall administrator is not anywhere near his normal IT experience, they now can configure their firewalls in a way to minimize attacks over the standard ports, as well as provide alerts that someone is looking at their Control System network with more intensity than an attacker with a more mundane motive.

Mike Toecker

Jake said...

Matt, this information works both ways. I think it's appropriate. Most of the data in there isn't all that unknown anyway.

But they left one out. 19999 was just assigned to the Secure Authentication port for DNP. I'm not sure how it fits in the current scheme of the protocol, but I think it will get some use...