The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, known as ICS-CERT, last week warned of a flaw that Santamarta found in equipment from Germany’s TURCK, which is used by manufacturers and agriculture firms in the United States, Europe and Asia.
The agency said attackers with “low” hacking skills could exploit the flaw, letting them remotely halt industrial processes. It advised customers to install a patch that would protect them against such attacks.
Director of National Intelligence James Clapper told a Senate committee in March that “less advanced, but highly motivated actors” could access some poorly protected control systems. They might cause “significant” damage, he warned, due to unexpected system configurations, mistakes and spillovers that could occur between nodes in networks.
‘A MATTER OF TIME’
ICS-CERT posts dozens of alerts and advisories about vulnerabilities in industrial control systems on its website each year. Companies whose products were named in their alerts include General Electric Co, Honeywell International Inc , Rockwell Automation Inc, Schneider Electric SA and Siemens AG.
Dale Peterson, CEO of industrial controls systems security firm Digital Bond, said infrastructure control systems are highly vulnerable to cyber attacks because designers did not take security into consideration when they developed the technology.
While hackers have yet to launch a destructive attack on U.S. infrastructure, plenty have the skills to do so. “I would say it is only because no one has wanted to do it,” said Peterson, who began his career as a code breaker with the National Security Agency.
House Intelligence Committee Chairman Mike Rogers said terrorists are among the groups looking to acquire the capability to launch a cyber attack on U.S. infrastructure, but he believes they do not yet have that ability.