NSS Labs Warns of Surge in in SCADA Vulnerabilities
Security flaws in ICS and SCADA systems have increased by 600 percent since 2010.
According to NSS Labs' 2012 Vulnerability Threat Report, vulnerabilities within information control systems (ICS) and supervisory control and data acquisition (SCADA) systems have increased by 600 percent since 2010, and nearly doubled from 2011 to 2012 alone.
"Security experts who make money from selling fixes -- and politicians angling for government funds -- are often eager to hype the threat from such bugs," writes Bloomberg's Jordan Robertson. "But the numbers released by NSS show an unsettling trend. Of the top 20 control-system vendors affected, few are household names, and attacks are already happening."
"Unfortunately, with tools now available to easily identify internet-facing ICS/SCADA systems, NSS expects that the arms race has only just started -- it said that it expects security issues within these systems to continue increasing," Infosecurity reports.
The report also found that after a five-year decline, the number of software vulnerabilities disclosed in 2012 rose 26 percent compared to 2011. "The increase in software coding errors is being fueled in part by a shift in focus toward critical infrastructure protection and emerging software, Stefan Frei, research director at NSS Labs, told CRN," writes CRN's Robert Westervelt.