PA extract:
"In a worst-case scenario, if a chemical or petroleum plant were to go up, there would be a risk of loss of life. If people hack into electricity distribution and water systems, there could also be a big impact," said Justin Lowe, principal consultant at PA Consulting.
Control equipment suppliers have been reluctant to allow their customers to apply patches to control systems without accreditation testing - a process that can take up to nine months. This is understandable because a mistake in a patch could result in serious damage to a plant.
However, Lowe said this is of little help when hackers can create worms to attack new vulnerabilities in a matter of days.
"Patching and anti-virus systems are not supported by suppliers. You have critical control systems connected to corporate networks that do not have anti-virus systems. That is not through negligence of the users - it has never appeared on the radar.
"One of the scary things is the increased use of wireless technology, even at low levels. If you visit trade fairs you see controllers with Bluetooth stickers or small aerials. They offer great cost savings but obviously there are security implications."
- To access the full article, in another Web site, please click on the link at the top right.
