[ISN] PLCs a prison vulnerability: researchers

From: InfoSec News <alerts_at_private>
Date: Mon, 1 Aug 2011 04:49:19 -0500 (CDT)
http://www.theregister.co.uk/2011/08/01/stuxnet_and_jails/

By Richard Chirgwin
The Register
1st August 2011

Hard on the heels of warnings that critical systems in America are 
vulnerable to Stuxnet-style attacks, a group of security researchers 
says SCADA systems and PLCs make prisons vulnerable to computer-based 
attacks.

In a white paper published here, Teague Newman, Tiffany Rad and John 
Strauchs say the use of PLCs (programmable logic controllers) to control 
systems such as cell doors means that prisons inherit the 
vulnerabilities of PLC-based systems.

There isn’t actually much that’s new in their document: if SCADA and PLC 
systems are vulnerable to attacks, then so are the systems they control. 
The main point of the discussion is that most people, includingepl 
perhaps the authorities operating prisons, are only dimly aware of the 
extent to which physical security is a function of IT security.

PLCs are deployed in jails because of the complex controls needed: there 
are rules (for example) dictating which doors may be open at the same 
time, what times different doors may be open, which alarms or alerts (if 
any) should be sounded for different doors or combinations of doors 
being open, and so on.

[...]


___________________________________________________________
Attend Black Hat USA 2011, hosted at Caesars Palace in
Las Vegas, Nevada July 30-Aug 4, offering over 60 training
sessions and 9 tracks of Briefings from security industry elite.
To sign up visit: http://www.blackhat.com
Received on Mon Aug 01 2011 - 02:49:19 PDT

This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 02:50:51 PDT