Thousands of US-Based Companies Warned to Increase Protection of Computers Used in Conjunction with Power Plants, Utilities

By Ed Silverstein January 11, 2013

Thousands of U.S.-based companies have been cautioned to reinforce their protection of computers that manage such sensitive facilities as utilities or power plants.

The warning by the U.S.-government came after over 500,000 “potential targets” were listed because they are found on publically available online information, the BBC said.

From the list of 500,000, the U.S. Department of Homeland Security narrowed the most pressing computers to a list of 7,200 possible targets, news reports said.

These are connected to Scada (Supervisory Control and Data Acquisition) computers, which are used in power plants, water treatment technology, traffic controls and utilities, the BBC added.

The identification was made by Bob Radvanovsky and Jacob Brodsky of InfraCritical. The two spent some nine months coming up with their list.

Many of those on the list “contain online login interfaces with little more than a default password standing between an attacker and potential havoc,” according to a report from ThreatPost.com.

“The biggest thing is we are trying to assign a number – a rough magnitude – to a problem plaguing the industry for some time now,” Radvanovsky said in the ThreatPost blog post. “Until you identify the scope of a problem, no one takes steps to change things. We’re doing it on a beer budget; we hope others confirm our results.”

The two are concerned about the false confidence associated with many IT staff overseeing the vulnerable computers.

“They’ll presume a particular protocol is not well known,” Brodsky said. “These guys think no one will figure it out, but actually, there’s a lot of residual information available where you could figure it out. They’re not as secure as they think they are. That’s why this stuff is naked out there on the Internet. A lot of people believe there is some safety in obscurity. I don’t think they’re right.”

Recently, there was a related attack on the Aramco oil facility in Saudi Arabia. It led to malware destroying data on some 30,000 computers. It reportedly took about a few weeks to restore the main internal network services that were affected by a virus, TechZone360 reported.




Edited by Braden Becker

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

A CES Made of Glass: Corning's Impact - Problem Is Placement

By: Rob Enderle    2/8/2016

At CES last week, Corning led with a glass-forward vision that was picked up by companies like Panasonic and Samsung showcasing a number of active dis…

Read More

IBM Connect: Blending Apple, Social Media, and Watson to Obsolesce Email

By: Rob Enderle    2/5/2016

I'm at IBM Connect this week, and as with all IBM events since the IBM/Apple partnership, this is as much a showcase for IBM software as it is a showc…

Read More

What's the True Spirit of Super Bowl Sunday? Advertising

By: Kyle Piscioniere    2/5/2016

With the big game coming up on Sunday, let's not forget what the Super Bowl is really about: commercials. Sure, some brutes in jerseys are going to co…

Read More

Verizon & XO: Spectrum, 5G Cause for Rumored Deal?

By: Maurice Nagle    2/4/2016

For two firms that have had somewhat of a contentious relationship, seeing Verizon in late-stage talks to purchase XO Communications is certainly an i…

Read More

Strife at Yahoo: Board Plays Coy, But Mayer Forges On

By: Kyle Piscioniere    2/3/2016

Yahoo has never really recovered its initial dot-com glory. Now, the company is faltering and ready to be stripped for parts. Yet somehow, against all…

Read More