Feds confirm prisons vulnerable to Stuxnet-like attack

[InfoSec News <alerts () infosecnews org>]

http://gcn.com/articles/2011/11/09/stuxnet-style-threat-prison-scada-systems.aspx

By Kevin McCaney
GCN.com
Nov 09, 2011

Federal authorities have confirmed an assertion by security researchers 
earlier this year that Stuxnet-like malware poses a potential threat to 
controls at prisons and penitentiaries across the country.

The researchers made their claim in a white paper published July 31, in 
which they say that the programmable logic controllers used to control 
doors, video systems, alarms and intercoms at prisons could be 
compromised and controlled remotely. They presented the paper at the 
recent Hacker Halted conference in Miami.

Sean McGurk, who headed DHS’ efforts on industrial control systems 
security until leaving in September, told the Washington Times’ Shaun 
Waterman that DHS had examined the research at Idaho National 
Laboratory’s ICS test bed and “validated” the claims.

A spokesman for the Federal Bureau of Prisons also told Waterman that 
the bureau is “aware of this research and taking it very seriously.”

The research team — security engineer and former CIA operations officer 
John Strauchs; his daughter Tiffany Rad, president of ELCnetworks; and 
information security consultant Teague Newman — began their work after a 
prison warden asked Strauchs to look into why all the cell doors on the 
prisons’ death row popped open one Christmas Eve.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn