Just days after Core Security Technologies reported vulnerabilities in CitectSCADA, Citect has reassured its customers they are extremely unlikely to be at risk from potential security breaches found by CST in Windows-based control systems utilizing ODBC technology, so long as their systems are protected by industry-standard security guidelines.
Citect and other SCADA and Control vendors have been communicating potential vulnerabilities of control systems when they are connected to the internet for some time. However, Citect believes this is only relevant to a company using ODBC technology and directly connecting its system to the internet with no security in place — a situation unlikely in today’s business environment.
Citect’s Global CEO, Christopher Crowe, says, “The security of our customers’ control systems is of paramount importance to us. Though we have not had any reports of breaches, we are contacting our customers globally to confirm they have followed recommended network security measures. We have also developed a patch for those companies that might not be able to implement necessary network security measures promptly.”
Citect has been designing SCADA software for 21 years and educating the market about network security. Citect follows, and recommends to its customers, industry best practices in the development and implementation of control systems.
Citect’s position on SCADA and process control network security remains unchanged — SCADA systems, like any business systems, must be protected from unauthorised access via the internet. They must be secured by robust protection including firewalls, intrusion detection systems and VPNs. There are basic security measures published by various organizations.
Citect advises customers on network security and has published whitepapers to further educate the market: htt