Critical infrastructure hack data found in public domain

[InfoSec News <alerts () infosecnews org>]

http://eandt.theiet.org/news/2014/jan/ics-security.cfm

By James Hayes
Engineering and Technology Magazine
28 January 2014

Data available from mainstream online media -- such as blogs, social 
networking websites, and specialist online publications -- could be used 
by malevolent agents to mount a cyber-attack on UK critical national 
infrastructure (CNI), the findings of an investigative assessment to be 
presented next week will warn.

Key information regarding vulnerabilities in Industrial Control Systems 
(ICSs) and Supervisory Control and Data Acquisition (SCADA) systems is now 
openly available from a range of sources on the public Internet, according 
to 'Using Open Source Intelligence to Improve ICS & SCADA Security' from 
UK design and engineering consultancy Atkins, being presented as part of 
the IET seminar 'Cyber Security for Industrial Control Systems' on 6 
February in London.

The investigation discovered that many industrial sector websites and 
academic papers, for example, also provide some information about 
potential attack vectors, including the identification of engineering 
staff, their social media information used to corroborate control systems 
data, and their suitability for social engineering attempts.

The identification of known vulnerabilities and exploits against specific 
types of control systems can also be accessed online, along with the 
identification of third-parties such as contractors and control system 
integrators, who have detailed knowledge and physical network access.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/