""With concern mounting over recent cyber attacks on critical national infrastructures and government agencies, experts are pointing to the high vulnerability of remote automated industrial control systems, known as SCADAs, according to a report from Joseph Farah’s G2 Bulletin.
SCADAs, or Supervisory Control and Data Acquisition systems, are computer-based systems that monitor and control industrial processes remotely, enabling the automatic functioning of the nation’s critical infrastructures. They monitor and regulate the national electrical grid system; the flow of oil and natural gas; nuclear power facilities; finance and banking systems; telecommunications; the pumping of fuel; food and water delivery; rail and truck transportation; and traffic lights.
But SCADAs provide a gateway for hackers from anywhere in the world, because they don’t have firewalls, and their passwords and other access-control systems can be evaded.
The Obama administration acknowledged Thursday that hackers stole Social Security numbers, health histories and other highly sensitive data from more than 21 million people. Believed to be the largest data breach in U.S. history, it follows the disclosure earlier this year that hackers stole records for about 4.2 million people from the Office of Personnel Management’s personnel database.
Officials have privately linked both intrusions to China, according to the National Journal.
Last Wednesday, New York Stock Exchange trading, United Airlines flights, the Wall Street Journal website and other U.S. business activity were temporarily shut down. The official explanation blamed “technical glitches,” but some cyberwarfare experts believe the shutdowns were the result of a deliberate attack from hackers in China, as WND reported.
SCADAs “sit outside of traditional security walls,” according to a report by Symantec Corporation, an information technology security solutions company.
The report said the risks are increasing as the technology progresses in the energy industry.
“As smart grid technology continues to gain momentum, more new energy systems will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices,” it said. “The increasing number of connected systems and centralized control for ICS systems means that the risk of attacks in the future will increase.”
Ripe for exploitation
Two Russian security researchers, Sergey Gordeychik and Gleb Gritsai of Positive Research, disclosed to the Chaos Communication Congress – an annual meeting of the international hacker scene – that they found more than 60,000 exposed control systems online that were ripe for exploitation by taking “full control of systems running energy, chemical and transportation systems.”
The Russian hackers discovered the ease at which they could gain full access to Programmable Logic Controllers, or PLCs.
As reported by Computer World, the two researchers identified more than 150 vulnerabilities in SCADA, ISC and PLCs, with 5 percent being “dangerous remote code execution holes.""
No comments:
Post a Comment