America's Stuxnet - Achilles heel found in systems used by Pentagon, power grid
An article that appeared in the Christian Science Monitor discusses an "amateur cybersecurity researcher" who found the digital version of a back door into everything from traffic lights to trains, refineries, pipelines, power plants and missile systems that would make it possible for a hacker to sabotage those systems’ ability to operate from within - and he told RuggedCom, the company responsible for the vulnerability, a year ago about it...To date, the vulnerability has still not been addressed.
The Christian Science Monitor reported that: “The back door is a secret login that allows the manufacturer to get into the equipment’s control systems without anyone knowing about it - even the purchaser. In theory, manufacturers could use their back doors to send updates to the equipment, but since [the logins] are secret, their use is not well known...What is unusual is that RuggedCom’s equipment is often used as a digital fortress, protecting [hackers from accessing] far more vulnerable systems that throw mechanical switches or close and open valves. Also surprising, experts say, is that the password needed to enter through this back door appears to be relatively easy to hack…Pipelines, refineries, traffic lights, trains, military systems - all are at greater risk, especially to adept hackers belonging to nation-state intelligence agencies...[E]ven though these vulnerable systems are widespread, the problem is likely fixable, unless the RuggedCom operating system is too reliant on the back door login and its weak password-encryption system."
Click on the following link to read the full article: http://www.csmonitor.com/USA/2012/0425/America-s-Stuxnet-Weakness-found-in-systems-used-by-Pentagon-power-grid
This discovery of yet another cyber vulnerability comes at a time when there have been increasing reports of the distribution of malware and software that can cause actual physical damage to equipment, machinery and facilities. The Department of Homeland Security has stated that there have already been numerous cyber attacks launched against US infrastructure (likely the electrical grid and gas pipelines). Programmable computer controllers, used in a wide variety of industrial and manufacturing facilities may be particularly vulnerable. Any suggestion that critical industrial control systems have been fully hardened against hacker attacks appears to be optimistic. Given that the potential for substantial first and third party damage clearly exists, how are insurers addressing this new type of cyber exposure?