SCADA Security Alert

Destructive as “WannaCry”

Last Thursday,  the Microsoft Security Response Center issued a warning that anyone running legacy Windows™ operating systems (from Windows XP through Windows Server 2008 r2)  is vulnerable to ransomware attacks as destructive as the 2017 “WannaCry” attack that shut down computers all around the world, costing users over $100,000,000.00.  Microsoft believes that over 1 million computers are vulnerable to the so-called “BlueKeep” vulnerability.  Microsoft evaluates this threat as a 9.8 on a scale of 10.  Windows 8 and Windows 10 users are not affected.

Network connected SCADA users are just as vulnerable as business system users to this type of malware.  Furthermore, this type of attack uses a sophisticated “worm” technology that requires no interaction by users.   Simply connecting an infected device to the network is enough to infect every other computer on the network.  Further details are available here.

What should you do?

Microsoft urges anyone running a vulnerable computer install the latest updates at once and make sure RDP (Remote Desktop Protocol)  is not exposed to the Internet unless absolutely necessary.  Enabling Network Level Authentication for remote desktop services is a helpful measure, but it’s ineffective against attackers who have network passwords, which is a common occurrence in ransomware infections.  

InstruLogic can help 

Due to the performance intensive nature of SCADA software, installing untested Operating System updates and patches can cause system failure.  SCADA users need to ensure that SCADA software versions are compatible with the updates and patches before they are installed.  Our professionals are familiar with SCADA requirements and thoroughly trained to manage and install patches and updates.  We suggest the following alternatives.

1. If you have a well trained SCADA support staff, you can do it yourself.  Please don’t delay.  

2. Let us install the update for you.  Have some peace of mind knowing that your systems are up to date without the risk of making an unintended error.  Order Services.