BOSTON (Reuters) – The U.S. government is looking into claims by a cyber security researcher that flaws in software for specialized networking equipment from Siemens could enable hackers to attack power plants and other critical systems.
The Department of Homeland Security said in an alert released on Tuesday that it had asked RuggedCom to confirm the vulnerability identified by Clarke, a 30-year-old security expert who has long worked in the electric utility field, and to identify steps to mitigate its impact.
“If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you,” Clarke said.
Marcus Carey, a researcher with Boston-based security firm Rapid7, said potential attackers might exploit the bug discovered by Clarke to disable communications networks as one element of a broader attack.
“It’s a big deal,” said Carey, who previously helped defend military networks as a member of the U.S. Navy Cryptologic Security Group. “Since communications between these devices is critical, you can totally incapacitate an organization that requires the network.”
The report on the RuggedCom vulnerability is among 90 released so far this year by ICS-CERT about possible risks to critical infrastructure operators. That is up from about 60 in the same period a year earlier, according to data published on the agency’s website.
Full article: US Nuclear Power Plants May Be Totally Vulnerable To Hackers (Business Insider)