10K Reasons to Worry About Critical Infrastructure

Screenshot showing an industrial control system in Idaho that's connected to the internet. The red tag indicates there are known vulnerabilities for the device that might be exploitable. Two known vulnerabilities are listed at the bottom of the text bubble. MIAMI, Florida – A security researcher was able to locate and map more than 10,000 industrial control systems hooked up to the public internet, including water and sewage plants, and found that many could be open to easy hack attacks, due to lax security practices. Infrastructure software vendors and critical infrastructure owners have long maintained that industrial control systems (ICSes) — even if rife with security vulnerabilities — are not at risk of penetration by outsiders because they’re “air-gapped” from the internet — that is, they’re not online. But Eireann Leverett, a computer science doctoral student at Cambridge University, has developed a tool that matches information about ICSes that are connected to the internet with information about known vulnerabilities to show how easy it could be for an attacker to locate and target an industrial control system. “Vendors say they don’t need to do security testing because the systems are never connected to the internet; it’s a very dangerous claim,” Leverett said last week at the S4 conference , which focuses on the security of Supervisory Control and Data Acquisition systems (SCADA) that are used for everything from controlling critical functions at power plants and water treatment facilities to operating the assembly lines at food processing and automobile assembly plants.

Here is the original post: 
10K Reasons to Worry About Critical Infrastructure

You might also like

Idaho Lab In a Race to Shore Up Critical Infrastructure Systems IDAHO FALLS, Idaho – All it took was one click of a mouse from the CEO of the ACME Chemical company....

Infrastructure at Risk From Feds’ Failure to Share Info, Security Researchers Charge LONG BEACH, CA — If the government really wants to protect the nation’s electrical grid and critical...

Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software Photo: Kolin Toney /Flickr MIAMI, Florida — A group of researchers has discovered serious security...

DHS: Anonymous Interested in Hacking Nation’s Infrastructure The hacker collective known as Anonymous has expressed interest in hacking industrial systems that control...

Tags: assembly, automobile, cambridge, control, cybersecurity, facilities, practices, supervisory