Better IT security education could have prevented SCADA hack
Infosecurity Europe says better IT security education could have prevented the high-level SCADA water systems hack in the US
According to Claire Sellick, the show's event director, the hack appears to stem from an incursion into the SCADA software vendor's systems, raising the spectre of other water systems in the US - and elsewhere in the world - being vulnerable to attack.
"The prospect of water systems being remotely compromised by hackers does not bear thinking about, as our society relies on water for factories and everyday mundane chores such as washing and showering. And of course, everyone drinks water, so the prospect of our domestic or office water supply being flooded with chemicals - released en-masse by the hackers - does not bear thinking about," she said.
"More than anything, these reports highlight the need for better education on IT security amongst organisations of all sizes. If the IT staff at the software vendor that is alleged to have been hacked understood the reason why their systems needed to be better defended, then it's likely this high-level compromise would not have happened," she added.
The Infosecurity Europe show event director went on to say that the fact that various US agencies have been involved in issuing warnings - including the Department for Homeland Security - illustrates the potentially serious nature of this IT systems compromise.
It's very likely, she explained, that in gaining access to the vendor's systems, the hackers were able to work out the default settings for the software, as well as the way IDs and passwords on a default system are constructed.
From there, she says, it would be a simple task to work out what IDs and passwords would be likely to work on SCADA-connected water utility company systems.
And it's against this backdrop, Sellick notes, that a central focus of the Infosecurity Europe show is dedicated to providing the highest level of free education to attendees.
"Next year's show - which takes place at London's Earl's Court exhibition centre from the 24th to the 26th of April - will offer a variety of education facilities, offering a range of high quality, multi-format methods of delivering education and training to visitors to meet all possible educational needs," she said.
"Year after year, the show's education programme attracts true luminaries of the information security sphere, covering every important sector within government, vendor and end-user communities alike. It is this unique formula that brings visitors back to the show and draws the experts that make Infosecurity Europe an unmissable event in the exhibition calendar," she added.
For more on the Infosecurity Europe show: http://www.infosec.co.uk
For more on the US SCADA water systems hack: http://bit.ly/u6hqVM
Reed Exhibitions Limited
Infosecurity Europe, celebrating 17 years at the heart of the industry in 2012, is Europe's number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world's largest tradeshow organiser, Infosecurity Europe is one of four Infosecurity events around the world with events also running in Belgium, Netherlands and Russia. Infosecurity Europe runs from the 24th - 26th April 2012, in Earls Court, London. For further information please visit www.infosec.co.uk