by Staff Writers
Las Vegas (AFP) Aug 3, 2011
Researchers warned on Wednesday that energy facilities and industrial plants of all kinds are vulnerable to destructive cyber attacks, in some cases with something as simple as a text message.
Frightening presentations at a prestigious Black Hat computer security conference were preceded by official alerts to energy producers detailing the weaknesses and urging steps be taken to beef up defenses.
"This is not just the United States, it is around the globe," said Tim Roxey, director of risk assessment at the North American Electric Reliability Corporation (NERC) responsible for enforcement of industry standards.
"If somebody really has you in their sites, they've got you," he said of the situation.
Black Hat presentations that triggered the NERC alerts revealed that "PLC" units that control basic factory functions ranging from turbines to valves or even sorting could be commandeered by hackers.
The point was to debunk myths of how it took a nation state with millions of dollars and teams of researchers to penetrate nuclear power plants in attacks by an infamous "Stuxnet" virus, according to NSS Labs security researcher Dillon Beresford.
Beresford described finding a way into PLCs made by Germany-based Siemens AG in a matter of weeks working in his bedroom.
A Siemens representative that took part in the presentation said the company has been working with researchers on the situation.
"It is not only nation states that have this capability, it is now in the hands of researchers and will inevitably get into malicious hands," Beresford said.
"It could be some lone hacker," he continued. "Most people with the time and resources could pull this off."
Cyber attackers would need to get access to machines, which was said to be less daunting than it sounded, according to Beresford.
Research presented by iSEC Partners security consultant Don Bailey showed that mobile Internet connection cards used in some PLCs in remote locations could be given commands by text messages, provided the senders knew the numbers assigned to cards.
"We can talk about vulnerabilities in PLCs, GSM (mobile networks), or my socks," Bailey said.
"But the talk has to be about the cost, and machine-to-machine communications exploding in the GSM world," he continued.
Computers insulated from the internet by "air gaps" could find defenses breached by mobile connection cards used for long-distance monitoring or links to sensors that feed information to the Internet, according to Bailey's research.
Cyberwar - Internet Security News - Systems and Policy Issues
|The content herein, unless otherwise known to be public domain, are Copyright 1995-2014 - Space Media Network. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA Portal Reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement,agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement|