1. Home

Weekend Must-Read: ICSs May Not Be Safe from Heartbleed after All

April 12, 2014

Just because you've changed your Facebook and Dropbox passwords (you have, haven't you?) doesn't mean you can forget about Heartbleed. According to the Christian Science Monitor's Saturday edition, "Unconfirmed reports that Heartbleed has already been used to attack encrypted communications systems of US industrial control systems are being investigated, the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) announced in an alert Friday." 

Just how vulnerable industrial systems are is still unclear. 

Industrial firewall-maker Innominate Security Technologies AG of Berlin on Friday informed its customers in an e-mail that some of its firmware products used in industrial firewall systems were vulnerable to Heartbleed attacks. Innominate’s industrial firmware is used by several US industrial cybersecurity companies, but it may not be too widespread, some cybersecurity experts said. A snapshot of potentially affected Innominate-related equipment using the SHODAN search engine, which indexes industrial control systems, revealed that 1,500 or so systems worldwide are affected, with just over 200 US systems.

Ralph Langner of Stuxnet fame says “The impact of the Heartbleed vulnerability on the cyber security of critical infrastructure (where it involves industrial control systems) is minimal,”

But don't relax says Robert Radvanovsky, a cybersecurity researcher and co-founder of Infracritical, a think tank focused on shoring up cyberweaknesses in critical infrastructure. “It’s still very unclear just what type of systems are vulnerable to Heartbleed, and there will be many other systems not listed by SHODAN,” he says. “Right now the numbers look small, but it would be a mistake to take it easy.”

The complete story is here.

Continue Reading

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

Latest from Home

Source: SOCAR and Honeywell
State Oil Co. of the Azerbaijan Republic’s (SOCAR) Turkey Aegean Refinery (STAR) in Aliaga, Izmir province can process 214,000 barrels of crude oil daily, and implemented Honeywell’s Forge managed security services (MSS) to increase cyber-resilience, expedite risk mitigation, shorten recovery time and improves safety record.
2501ct_cartoon
shutterstock_1353888704

Most Read

Sponsored