The topic of the interview is the security of SCADA-based systems. As reported previously by Infosecurity, SCADA stands for supervisory control and data acquisition, a technology that is typically Win98-based and acts as an IT control system for national infrastructure systems such as power grids, nuclear energy power stations and other industrial systems.
SCADA-based systems are central to most people's way of life and, for this reason, the topic has risen to the top of the security agenda in government circles in recent months, largely owing to the rise of SCADA-targeting malware, Infosecurity notes.
According to Santamarta, SCADA and IT security are an interesting mix from an IT perspective, as industrial networks were not initially created with the idea of being connected to the internet.
"They were isolated networks. For this reason security was not considered", he said, adding that, since the overriding trend at present is for interconnection and remote control.
As a result, he says, networks that previously were isolated now have to be connected, and when things are not done properly, that's when problems start occurring.
Santamarta went on to say that, against this backdrop, industrial hardware and software vendors are beginning to become aware of the importance of security.
"This can't be seen as just another formality, but as a fundamental part of the process, providing added value and absolutely necessary. Although there is still a long way to go," he said.
The issue of security of SCADA-based systems is made more complex by the fact that the WinterCore IT specialist says that 80% of critical (national) infrastructure is in private hands.
Yet, he says, this is something that affects the public as a whole, meaning that the government should legislate and educate. This is, he explained, not something that is against the public interest, but is positive for everyone.
In his interview with Corrons, Santamarta said that – technically – it is possible a SCADA-based system could be attacked, causing problems for a country's electricity and water supplies.
Stuxnet, he said, has been a turning point. "Simply put, it is a weapon made out of bytes", he said, adding that his opinion is that anyone who has analysed the Stuxnet malware would have no doubt that at least one country is behind the attack.