WASHINGTON -- Recently, Maverick-Security wrote a threat paper describing a digital threat to industrial control systems that provides power to America's critical infrastructures. The vulnerability, recently demonstrated in an online video by the Department of Homeland Security (DHS), could allow hackers to take control of remote terminals that run large production power generators. These generators control power delivery to not only the electrical grid, but hospitals, manufacturing facilities, sewer & water treatment facilities, and more.
Today's control systems are built on commercial operating systems and are connected to the Internet using standard Internet Protocol (IP) networking. This allows users to make essential changes and examine systems without having to drive out to the remote substation to do so. But because of their common connectivity and commercially available structure, these remote systems are vulnerable to the same attacks and degradations as any PC workstation. Moreover, their remote nature makes it less likely that they will have current patches or updates. The Maverick paper highlighted these issues as well as described what can be done to prevent the issues from being exploited.