Nuclear Power Plants Susceptible To Hacker Attacks Nuclear Power Plants Susceptible To Hacker Attacks

According to security researcher and active-duty U.S. Air Force Cyber Warfare Operations Officer, Robert Lee, nuclear power plants aren't impenetrable to hackers. His research, which will be presented at the Black Hat conference, next week, shows how cyber attackers can take full control over the facility by exploiting a vulnerability in the Industrial Ethernet Switches (IES). In order to disclose and fix the vulnerability, Mr. Lee worked with risk researcher Eireann Leverett, security consultant Colin Cassidy and four of the biggest industrial switch vendors: Siemens, General Electric, Garrettcom and Opengear.

In case you're unfamiliar with the subject, here is the short version: while very rarely employed in home use, Industrial Ethernet Switches are responsible for maintaining network connections in factories, ports, refineries and basically all kind of industrial organizations. These devices seem to be actually quite unsecured, exhibiting a wide array of issues such as lack of proper authentication for firmware updates and hard coded encryption keys. Add to that the human mistakes such as default or weak passwords and you will understand how hackers could quite easily get in. Once inside the system, the attackers can take full control over the entire facility and even cause a critical failure.

In Mr. Lee's words, "Anything that the facility is capable of in its natural operating system, you’re (the attacker) capable of doing — and doing damage with if you control the network. With a power station, you can have major repercussions. With a hydroelectric dam, if you don’t monitor processes in a normal situation, it’ll spin out of control. Everything you have can be manipulated.” However, despite his warning and actual demonstration about how such an unfortunate event can happen, companies and researchers may or may not be working on a way to fix this problem. “What we don’t have is awareness,” said Lee. “There is a massive lack of security awareness in the industrial control systems community.” and since we're talking about actual nuclear plants, such a lackadaisical behavior can endanger us all.

Author's other posts

How to make your Mac kid-friendly?
Article
How to make your Mac kid-friendly?
A few tips on how to ensure your kids' safety while they're using Macs as well as on how to keep the machine safe from your children.
Samsung's next Galaxy phone is already up for reservations
News
Samsung's next Galaxy phone is already up for reservations
Even though Samsung hasn't announced the price of the upcoming Galaxy phone or its technical specifications, we can already make reservations and be among the first to receive it.
Find out which Android phones will be able to run Fortnite
News
Find out which Android phones will be able to run Fortnite
Curious to see if you'll be able to play the Android version of Fortnite on your phone? Here's the complete list of supported devices.
Mac security tricks
Article
Mac security tricks
If you don't have a lot of experience in using your Mac, here are a few tips that could keep your machine safe from various threats.