IT security: power supply and waste water disposal at risk

Security researchers recently discovered vulnerabilities in operational technology systems, which hackers could use to attack control systems in critical infrastructures with malicious code.


IT security researchers from Vedere Labs uncovered some critical gaps in operational technology systems (OT) such as SCADA control systems in the industrial sector. Such systems are also used in critical infrastructures, which means that possible attacks can have far-reaching consequences. For example, there could be disruptions to the global power and water supply. In the worst case, hackers could gain full control over the affected systems.


Vulnerabilities discovered

In many cases, the security gaps that were discovered are beginner’s mistakes – security standards that were actually taken for granted were screwed up. Responsible for the vulnerabilities were, among other things, hard-coded access data, broken or missing authentications and unsigned firmware. According to their own statements, the researchers came across thousands of systems accessible via the Internet using the Shodan search engine.

The security researchers at Vedere Labs have summarized details of the 56 vulnerabilities discovered and the devices affected in their “OT:ICEFALL” report. Another four vulnerabilities were kept under lock and key for security reasons. Manufacturers such as Ericsson, Motorola and Siemens are affected by the gaps.


Recommendations for action

The Vedere Labs report is not clear on whether security updates are already available for all vulnerabilities. Admins of potentially affected systems should therefore check the respective support area for current patches.

In addition, some security basics should also be checked regularly. For example, control systems in critical infrastructures should not be accessible via the Internet or, if at all, only to a limited extent via an encrypted VPN tunnel. In addition, control systems should be separated from production systems. Shielding through firewall rules can also increase the security of the systems – IT security: power supply and waste water disposal at risk.

Source: Vedere Labs