SCADA security

SCADA stands for 'Supervisory Control And Data Acquisition, and is a type of Industrial Control System (ICS) - computer controlled systems that monitor and control industrial, infrastructure, and facility-based processes.

Over the past 5 years, we have seen a rise in the number of vulnerabilities in SCADA software.

SCADA software today is at the stage mainstream software was 10 years ago: security updates are erratic (there is great variation in how they are handled), compared to what we are accustomed to in mainstream programs.

Many vulnerabilities remain unpatched for longer than one month in SCADA software.

Read more in the Secunia Vulnerability Review 2014. Download it here.

Time-to-patch for SCADA advisories the last 24 months - Secunia Vulnerability Review 2014
SCADA attack vectors
How dangerous are the SCADA vulnerabilities