2012 SCADA Security Predictions - How Did Eric Byres Do?
December 2012 by Laura Mattson? tOFINO
Early in 2012 Eric Byres wrote a blog article predicting what he thought would happen in 2012 with regards to SCADA and ICS security. I went back to his blog and highlighted the four main predictions he made. Then I asked him to rate himself on each one.
Prediction 1: No Big Messy Security Events
Laura: You predicted that “there will be no big messy security events in 2012 (No Stuxnet or Slammer)”. Do you feel your prediction was accurate?
Eric: “Unfortunately, I sure got this wrong! I didn’t expect that so many highly sophisticated advanced persistent threats like Flame, Gauss and Duqu would be found. And I certainly didn’t expect that some amateur hackers would develop Shamoon and wipe out 30,000+ computers at Saudi Aramco with it.”
Saudi Aramco’s headquarters complex. This is one of the sites where 30-55,000 workstation hard drives were wiped clean by the Shamoon virus.
“2012 turned out to be worse than I expected, especially if you were running a refinery in the Middle East. Now I worry that we just haven’t found out what is happening in Europe and the Americas. I can’t imagine worms only like computers, SCADA and ICS systems in the Middle East!”
Eric’s Score:
Prediction 2: More than 500 SCADA and ICS Vulnerabilities Disclosed
Laura: You stated that “over 500 vulnerabilities in automation products will be disclosed by freelance ‘researchers’”. Was your predicted figure close to what was actually disclosed this year?
Eric: “Sean McBride, of Critical Intelligence, tells me there are 569 unique ICS specific vulnerabilities reported to ICS-CERT for 2012 as of November 20th. At that rate we’ll top 600 for 2012, which is a 65% increase over 2011. So, I was pretty accurate with this prediction.”
Eric’s Score:
Prediction 3: Half of all Disclosures would Include Attack Code
Laura: You estimated that “half of the disclosures will include sample attack code”. Was this true for 2012?
Eric: “I don’t have any stats on this. So I don’t know how I did. We will probably know at S4 in January. But I will guess that with people like Luigi Auriemma now selling exploits on the open market, I am accurate.”
Eric’s Score: Don’t Know Yet
Prediction 4: Industrial Malware will Continue to be Stealthy
Laura: Your final prediction was that “the trend of industrial malware to be stealthy will continue. (Like the 2011 trio Night Dragon, Duqu and Nitro it may remain undetected for long periods of time and may only come to light when it is too late to prevent significant business or process damage).” Do you think your forecast in this case was true for 2012?
Eric: “This is absolutely true, although as Shamoon showed us you don’t have to be stealthy to do a lot of damage – I didn’t expect that”.
Laura: Although we will have a better idea after S4 on your prediction about sample attack code, at this time you have a 50% success rate on predicting the future – not bad for a Controls Engineer.