Expert Comments on Proof-of-Concept PLC Worm that could take down Power Plants and Utilities

By Information Security Buzz Editorial Staff
Chief Editor, Information Security Buzz | May 09, 2016 01:00 am PST

A proof-of-concept programmable logic controller (PLC) worm demonstrated at Black Hat Asia shows that such a worm could be a disaster for power plants and other utilities. David Meltzer, Chief Research Officer for Tripwire, provides insight below.

David Meltzer, Chief Research Officer, Tripwire:

“This research shows how serious the risk is to industrial environments. While theoretically this could spread extremely quickly, organizations that follow good security practices can do much to mitigate these kinds of attacks today.”

Meltzer explains, “Industrial firewalls that implement IEC 62443 guidelines segment networks into zones that would prevent PLCs from broadly communicating with each other. Following vendor recommendations for updating firmware revisions and securely configuring devices can also reduce the attack surface for these types of attacks. Although this is an important potential attack vector, the most likely system to be compromised in an industrial environment is still, like on IT systems, a Windows PC.”
