infrastructure

Hacker says he broke into Texas water plant, others

A twentysomething hacker said today that he hacked into a South Houston water utility to show that it can easily be done, after U.S. officials downplayed the risks from a report yesterday of an intrusion at an Illinois water plant.

The hacker, using the alias "pr0f," said he has hacked other SCADA (supervisory control and data acquisition) systems too.

He tweeted on November 5 links to public posts with what he identified as PLC configurations for a Polish waste-water treatment plant; SCADA data from an HMI (human-machine interface) box possibly for a generator used for research purposes … Read more

Researchers warn of SCADA equipment discoverable via Google

LAS VEGAS--Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop.

Acknowledging that he wouldn't click on any link results to avoid breaking the law by accessing a network without authorization, researcher Tom Parker typed in some search terms associated with a Programmable Logic Controller (PLC), an embedded computer used for automating functions of electromechanical processes. Among the results was one referencing a "RTU pump status… Read more

AAA mobile chargers tackle EV range anxiety

AAA today announced roadside assistance for electric vehicles, addressing an industry-wide concern over the limited range of all-electric cars.

The motor club unveiled its AAA Roadside Assistance service for EVs at the Plug-In 2011 electric vehicle conference, saying that six metropolitan areas will each pilot-test a truck starting this summer. The intent is to give drivers a limited amount of drive time to get them out of a jam and to a charging station, according to AAA.

The mobile chargers will be Level 2 and Level 3 chargers, which means they operate faster than a normal household outlet. Ten to … Read more

IBM launches operation software package for cities

IBM will outline plans tomorrow to integrate its various applications for cities into one offering as it attempts to tap into a growing market.

In many respects, Big Blue is following the money. IDC reckons that information technology upgrades for cities will be worth $57 billion in 2014, up from $34 billion in 2011.

These cities are struggling with budget and infrastructure constraints as well as an influx of residents. IBM's plan is to take its software used in various projects--Rio, Memphis, and New York to name a few--and integrate them into one system dubbed the IBM Intelligent Operations … Read more

SCADA hack talk canceled after U.S., Siemens request

Two researchers say they canceled a talk at a security conference today on how to attack critical infrastructure systems, after U.S. cybersecurity and Siemens representatives asked them not to discuss their work publicly.

"We were asked very nicely if we could refrain from providing that information at this time," Dillon Beresford, an independent security researcher and a security analyst at NSS Labs, told CNET today. "I decided on my own that it would be in the best interest of security...to not release the information."

Beresford said he and independent researcher Brian Meixell planned on … Read more

Serious hole in critical-infrastructure software, says U.S.

The U.S. government is warning critical-infrastructure operators of a serious hole in software used in oil and gas; water; electric utilities; and manufacturing plants around the world.

The stack overflow vulnerability affects the Genesis32 supervisory control and data acquisition (SCADA) and BizViz software sold by ICONICS, according to an advisory (PDF) released yesterday by the Department of Homeland Security's ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). ICONICS has issued a patch to close the hole, which could allow an attacker to remotely execute code and take control of the computer.

Meanwhile, an exploit targeting the vulnerability was … Read more

Cyber attacks rise at critical infrastructure firms

Cyber attacks on critical infrastructure companies are on the rise, with a jump in extortion attempts and malware designed to sabotage systems, like Stuxnet, according to a new report.

While attacks are increasing, many companies aren't doing enough to protect their systems and are instead rushing to adopt new technologies--such as Smart Grid--without ensuring they adequately secure against cyber attacks, concludes "In the Dark: Crucial Industries Confront Cyberattacks."

The report, due to be released on Tuesday, was commissioned by McAfee and written by the Center for Strategic and International Studies (CSIS). It includes results from an electronic … Read more

U.S. warns of more SCADA software holes

Flaws in SCADA software, used to monitor and control sensors and operations at utilities and other critical infrastructure facilities, seem to keep coming out of the woodwork:

• Last week, the U.S. ICS-CERT (Industrial Control System Computer Emergency Response Team) issued several advisories about vulnerabilities exposed in SCADA (supervisory control and data acquisition) software. One was in an ActiveX control in WellinTech KingView V6.53 human machine interface (HMI) software used in power, water, and aerospace industries, mostly in China. The researcher publicly released exploit code for the hole and the vendor released an update that resolves the problem. The second … Read more

U.S. warns SCADA systems at risk

The U.S. government is warning that critical infrastructure systems are at risk of being compromised or attacked in response to the public release of exploits for dozens of holes in four different supervisory control and data acquisition, or SCADA software products.

Saying he had no previous knowledge of SCADA systems before beginning his analysis "some months ago," Italian researcher Luigi Auriemma yesterday posted proof-of-concept software targeting Siemens Tecnomatix FactoryLink, Iconics GENESIS32 and GENESIS64, 7-Technologies IGSS (Interactive Graphical SCADA System) and DATAC RealWin products to the BugTraq security e-mail list.

SCADA systems allow employees at utilities and other … Read more

Cloud computing's killer applications

The year 2010 will probably be remembered as the year that cloud computing "shaped" itself into a tangible concept, at least amongst those of us who care. 2011, on the other hand, will likely be the year in which IT figures out how to actually use cloud concepts.

Of course there are success stories dating back two or more years, but what is happening so far in 2011 is a growing body of businesses, data, and applications that were born and cultivated in the cloud. Add to that the online and conference communities forming around cloud and new … Read more