{"id":82916,"date":"2013-10-18T06:59:47","date_gmt":"2013-10-18T05:59:47","guid":{"rendered":"http:\/\/rinf.com\/alt-news\/breaking-news\/hack-a-power-plant-researchers-discover-vulnerabilities-impacting-critical-us-infrastructure-19\/82916\/"},"modified":"2013-10-18T06:59:47","modified_gmt":"2013-10-18T05:59:47","slug":"hack-a-power-plant-researchers-discover-vulnerabilities-impacting-critical-us-infrastructure-19","status":"publish","type":"post","link":"http:\/\/rinf.com\/alt-news\/breaking-news\/hack-a-power-plant-researchers-discover-vulnerabilities-impacting-critical-us-infrastructure-19\/","title":{"rendered":"Hack a power plant: Researchers discover vulnerabilities impacting critical US infrastructure"},"content":{"rendered":"
\"The<\/a><\/div>\n
\n
\n\t\t\t\t\t\t
\n
\n Published time: October 17, 2013 20:55 <\/span>
\n <\/p><\/div>\n
\n

The Vermont Yankee nuclear power plant in Vernon (Reuters\/Brian Snyder)<\/p>\n<\/p><\/div>\n<\/p><\/div>\n

New research revealed this week shows that many of the nation’s vital infrastructure systems are more vulnerable to cyberattacks than previously expected.<\/p>\n

\n In fact, researchers Chris Sistrunk and Adam Crain have
\n discovered 25 different security system weaknesses that could
\n potentially permit hackers to sabotage or crash servers that
\n control water systems and electric substations.\n<\/p>\n

\n Throughout the course of their research, Sistrunk and Crain
\n discovered that the products of more than 20 vendors had
\n significant security vulnerabilities. Hackers could, for example,
\n crash a power station’s master server by guiding it into an
\n infinite loop, or cause power outages by remotely injecting their
\n own make-shift code into a server.\n<\/p>\n

\n “Every substation is controlled by the master, which is
\n controlled by the operator<\/i>,” Sistrunk told Wired, which broke
\n the story. “If you have control of the master, you have
\n control of the whole system, and you can turn on and off power at
\n will<\/i>.”\n<\/p>\n

\n These security holes have generally been found in serial and
\n networking devices used to communicate between servers and
\n substations. Since most efforts have gone into preventing
\n cyberattacks via IP networks, the possibility of a security
\n breach through serial communication products has generally been
\n deemed as less of a risk. The truth of the matter, as Crain tells
\n it, is that hacking into a power system via serial communication
\n devices may be easier than going through the internet.\n<\/p>\n

\n Part of the reason why is that substations generally have very
\n lax security; they are rarely manned and often surrounded only by
\n a fence and monitored by a security camera. If physical access
\n isn’t possible, hackers could crack into a utility’s wireless
\n radio network and use that as a means for delivery.\n<\/p>\n

\n “If someone tries to breach the control center through the
\n Internet, they have to bypass layers of firewalls<\/i>,” Crain
\n said. “But someone could go out to a remote substation that
\n has very little physical security and get on the network and take
\n out hundreds of substations potentially. And they don’t
\n necessarily have to get into the substation either.”<\/i>\n<\/p>\n

\n Of the more than two dozen vulnerabilities discovered, vendors
\n have released security patches for nine of them. Bafflingly,
\n however, many utilities have yet to install them because they
\n underestimate the potential risk of attack. The fact that the
\n security standards established by theNorth American Electric
\n Reliability Corporation focus solely on IP communication also
\n makes the problem worse.\n<\/p>\n

\n In an attempt to raise awareness about the issue, the Industrial
\n Control Systems Cyber Emergency Response Team (ICS-CERT) has
\n issued multiple reports on the security weaknesses. Additionally,
\n Crain and Sistrunk will speak on their research during Florida’s
\n S4 security conference in January.\n<\/p>\n

Copyright: RT<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Published time: October 17, 2013 20:55 The Vermont Yankee nuclear power plant in Vernon (Reuters\/Brian Snyder) New research revealed this week shows that many of the nation’s vital infrastructure systems are more vulnerable to cyberattacks than previously expected. In fact, researchers Chris Sistrunk and Adam Crain have discovered 25 different security system weaknesses that could […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[487],"tags":[],"class_list":{"0":"post-82916","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-breaking-news"},"_links":{"self":[{"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/posts\/82916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/comments?post=82916"}],"version-history":[{"count":0,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/posts\/82916\/revisions"}],"wp:attachment":[{"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/media?parent=82916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/categories?post=82916"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/tags?post=82916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}