US security firm uncovers SCADA threats to power plants and oil refineries


Warwick Ashford

A US security research organisation says it has discovered methods hackers could use to sabotage power plants, oil refineries or manufacturing operations.

"This is a global problem. There are no fixes to this right now and bad guys would be able to cause real environmental and physical problems and possibly loss of life," said Rick Moy, chief executive at US computer security research firm NSS Labs, according to AFP reports.

NSS Labs says it shared its findings on supervisory control and data acquisition (SCADA) system vulnerabilities with the US Computer Emergency Readiness Team (CERT). NSS added that it was briefing industrial facilities, but was revealing little publicly out of concerns for safety.

NSS researcher Dillon Beresford reported finding "multiple vulnerabilities" in Siemens programmable logic controllers (PLCs) targeted by the Stuxnet worm.

The controllers are used in plants worldwide to regulate things like temperatures, pressures and centrifuge speeds, as they were in the Iranian nuclear facilities targeted by Stuxnet.

While Stuxnet targeted PLCs through operating system software, NSS researchers found ways to reprogram the devices directly if they can be reached on a network.

NSS Labs has also challenged the widely held belief that Stuxnet was created at huge cost by a nation state.

According to NSS Labs, it took researchers less than three months to come up with attacks on the controllers, on a budget of less than $3,000.

Siemens has played down concerns that an attack could be pulled off outside a lab and said it was working to address the vulnerabilities.
