In addition to foreign manufacturers, very long (decade or more) upgrade times, deployments in odd locations that pretty much require network access by non-net-savvy technicians, etc., SCADA also has another bug:

Neutralbit identified the vulnerability in NETxAutomation NETxEIB OPC (OLE for Process Control) Server. OPC is a Microsoft Windows standard for easily writing GUI applications for SCADA. It’s used for interconnecting process control applications running on Microsoft platforms. OPC servers are often used in control systems to consolidate field and network device information.

Neutralbit reports that the flaw is caused by improper validation of server handles, which could be exploited by an attacker with physical or remote access to the OPC interface to crash an affected application or potentially compromise a vulnerable server. Neutralbit has also recently published five vulnerabilities having to do with OPC.

— Hole Found in Protocol Handling Vital National Infrastructure, physorg.com, 25 March 2007

Neutralbit also claims this is the first remotely accessible SCADA vulnerability, which the smallest amount of googling shows is not true (I leave that as an exercise for the reader). However, they probably have found a real vulnerability.

A bad situation has been made worse by adding Windows. And more holes resulted. Surprise!

The best defense we have for SCADA is the same balkanized byzantine deployments that make fixing these SCADA security problems so difficult in the first place.

Of course, if the U.S. were serious about this sort of thing, the U.S. government could probably fund new and better SCADA software and deployments for about what it spends in one week in Iraq, and for probably less than it wastes in airport security theater.

Until then, or until the first really big SCADA exploit, SCADA will be vulnerable.

-jsq