SCADA Security in 2012: Eric Byres Evaluates his Predictions

Editor’s Note: This article was contributed by Laura Mattson, marketing specialist.

Early in 2012 Eric Byres wrote a blog article predicting what he thought would happen in 2012 with regards to SCADA and ICS security. I went back to his blog and highlighted the four main predictions he made. Then I asked him to rate himself on each one.

Prediction 1: No Big Messy Security Events

Laura: You predicted that “there will be no big messy security events in 2012 (No Stuxnet or Slammer)”. Do you feel your prediction was accurate?

Eric: “Unfortunately, I sure got this wrong! I didn’t expect that so many highly sophisticated advanced persistent threats like Flame, Gauss and Duqu would be found. And I certainly didn’t expect that some amateur hackers would develop Shamoon and wipe out 30,000+ computers at Saudi Aramco with it.”

Aramco_Core_Area_V1

Saudi Aramco’s headquarters complex. This is one of the sites where 30-55,000 workstation hard drives were wiped clean by the Shamoon virus.

“2012 turned out to be worse than I expected, especially if you were running a refinery in the Middle East. Now I worry that we just haven’t found out what is happening in Europe and the Americas. I can’t imagine worms only like computers, SCADA and ICS systems in the Middle East!”

Eric’s Score:

Prediction 2: More than 500 SCADA and ICS Vulnerabilities Disclosed

Laura: You stated that “over 500 vulnerabilities in automation products will be disclosed by freelance ‘researchers’”. Was your predicted figure close to what was actually disclosed this year?

Eric: “Sean McBride, of Critical Intelligence, tells me there are 569 unique ICS specific vulnerabilities reported to ICS-CERT for 2012 as of November 20th. At that rate we’ll top 600 for 2012, which is a 65% increase over 2011. So, I was pretty accurate with this prediction.”

Eric’s Score:

Prediction 3: Half of all Disclosures would Include Attack Code

Laura: You estimated that “half of the disclosures will include sample attack code”. Was this true for 2012?

Eric: “I don’t have any stats on this. So I don’t know how I did. We will probably know at S4 in January. But I will guess that with people like Luigi Auriemma now selling exploits on the open market, I am accurate.”

Eric’s Score: Don’t Know Yet

Prediction 4: Industrial Malware will Continue to be Stealthy

Laura: Your final prediction was that “the trend of industrial malware to be stealthy will continue. (Like the 2011 trio Night Dragon, Duqu and Nitro it may remain undetected for long periods of time and may only come to light when it is too late to prevent significant business or process damage).” Do you think your forecast in this case was true for 2012?

Eric: “This is absolutely true, although as Shamoon showed us you don’t have to be stealthy to do a lot of damage – I didn’t expect that”.

Laura: Although we will have a better idea after S4 on your prediction about sample attack code, at this time you have a 50% success rate on predicting the future – not bad for a Controls Engineer.

Eric’s Score:

Do you think Eric’s crystal ball was accurate with his predictions for 2012? Or should he keep his day job?

Stay tuned for Eric’s 2013 forecast!

Image credit: Wikipedia

Laura Mattson
Marketing Specialist
Tofino Security
laura.mattson@belden.com
+1 250 984 4105

Practical SCADA Security thanks Laura for this article.

beldensolutions.com

Featured Bloggers

Popular Tags

Post navigation

SCADA Security in 2012: Eric Byres Evaluates his Predictions

Prediction 1: No Big Messy Security Events

Prediction 2: More than 500 SCADA and ICS Vulnerabilities Disclosed

Prediction 3: Half of all Disclosures would Include Attack Code

Prediction 4: Industrial Malware will Continue to be Stealthy

Related Content to Download

Related Links

Post navigation

Comments Cancel reply

Subscribe

On Twitter