Industrial Systems Still a Target, but Public Details Lacking
A quarterly government report gives vague descriptions of two attacks against utility and manufacturing systems, but the visibility into such incidents is low.Two intrusions into control-system networks revealed in a recent report underscore that such systems continue to be the focus of online attackers and remain vulnerable, but details of the motives and methods of attackers continue to be lacking. In one incident, described in the Industrial Control System Computer Emergency Readiness Team (ICS-CERT) Monitor Newsletter, attackers compromised the control-system network of a utility, after the unspecified company left a management system open to access from the Internet. The attacker used a brute-force password attack to gain access to the system, the ICS-CERT report stated. "This incident highlights the need to evaluate security controls employed at the perimeter and ensure that potential intrusion vectors—(for example) remote access—are configured with appropriate security controls, monitoring, and detection capabilities," ICS-CERT stated in the report. A second attack, also mentioned in the report, appeared to be less serious, with the attacker gaining access to the controlling server for a mechanical device. The device, however, was not connected and undergoing maintenance, the report stated. While the ICS-CERT report gives few public details of the incidents, the attacks show that utilities and control systems remain a target of online hackers, said Tim O'Brien, director of threat intelligence for Norse, a security information firm.
"The security posture for utilities, for industrial control systems, that run our critical infrastructure is about at the same level as the PC business infrastructure was back in the 1980s," O'Brien told eWEEK. "It just isn't there."