Displaying items by tag: SCADA

CISA has issued another warning that SCADA/ICS systems are being targeted for attack. This time they are in the sights of Nation-State groups and with customized tools. The tools are part of follow-on activities after the initial beachhead has been established. These days gaining initial access to a network, even for infrastructure, does not seem to be a difficult task for nation-state groups.

The Department of Homeland Security has issues some very unusual warnings for companies that handle the US Natural Gas Pipelines. The three Amber warnings claim that a concerted intrusion attempt is being made on the command and control centers for this infrastructure service that is responsible for roughly 25% of the power produced in the US. What makes these warnings unusual is the detail and the fact that companies have been told not to do anything to block the intrusions unless they threaten the actual operation of the service.

If there is one thing that you can say Anonymous has done that has a measurable positive effect it is exposing the level of Corporate and Government Ignorance. Ignorance is not an admissible excuse any longer in this day and age and is often used in court when someone says they did not know they were breaking the law. Since this is generally accepted why is anyone willing to give companies that show massive amounts of ignorance (which is just really lack of forethought or cost cutting) when it is discovered that their systems are not secure? We are shocked that this is at all acceptable considering the data breaches going back as far as 2009. Still we continually hear about this product or that network is suddenly discovered to be insecure. Exactly how is that possible?

Only days ago we published an article telling you that you would begin to see more and more news relating to the only activist movement (which includes Anonymous, but is not limited to Anonymous) and how it is dangerous, related to terrorism and even how collectives like Anonymous and other organizations are duping the people wanting to contribute. Well this morning while having our coffee we watch in amusement as a cable news channel featured a US Senator talking about how the “hacktivist” movement is second only to terrorism as a threat to national security.

The National Security Agency has just released a report to the powers that be in the US that expresses concern that the online activist group Anonymous could go after the US power grid in the next 3-5 years (we told you things like this would happen). This report was put together by their counter terrorism group and while it lacked any details in the body of the report (like the axis for attack) and forgot to mention there are other people out there that would like to do this (like foreign countries and real Terrorists) it does raise some real concerns.

Remember when we told you about the SCADA vulnerabilities (here and here)? Well back in August we talked at length about how many of these control systems not only use the default passwords but are connected to the internet. On top of all of these there are a large number that have no high-level security (beyond simple passwords). This puts many of our vital infrastructure services at great risk to compromise from outside parties.