http://www.wired.com/threatlevel/2012/01/10000-control-systems-online/
By Kim Zetter
Threat Level
Wired.com
January 24, 2012
MIAMI, Florida -- A security researcher was able to locate and map more
than 10,000 industrial control systems hooked up to the public internet,
including water and sewage plants, and found that many could be open to
easy hack attacks, due to lax security practices.
Infrastructure software vendors and critical infrastructure owners have
long maintained that industrial control systems (ICSes) — even if rife
with security vulnerabilities — are not at risk of penetration by
outsiders because they’re “air-gapped” from the internet — that is,
they’re not online.
But Eireann Leverett, a computer science doctoral student at Cambridge
University, has developed a tool that matches information about ICSes
that are connected to the internet with information about known
vulnerabilities to show how easy it could be for an attacker to locate
and target an industrial control system.
“Vendors say they don’t need to do security testing because the systems
are never connected to the internet; it’s a very dangerous claim,”
Leverett said last week at the S4 conference, which focuses on the
security of Supervisory Control and Data Acquisition systems (SCADA)
that are used for everything from controlling critical functions at
power plants and water treatment facilities to operating the assembly
lines at food processing and automobile assembly plants.
[...]
_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn
