Information Security News mailing list archives
Critical infrastructure hack data found in public domain
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 30 Jan 2014 09:16:24 +0000 (UTC)
http://eandt.theiet.org/news/2014/jan/ics-security.cfm By James Hayes Engineering and Technology Magazine 28 January 2014Data available from mainstream online media -- such as blogs, social networking websites, and specialist online publications -- could be used by malevolent agents to mount a cyber-attack on UK critical national infrastructure (CNI), the findings of an investigative assessment to be presented next week will warn.
Key information regarding vulnerabilities in Industrial Control Systems (ICSs) and Supervisory Control and Data Acquisition (SCADA) systems is now openly available from a range of sources on the public Internet, according to 'Using Open Source Intelligence to Improve ICS & SCADA Security' from UK design and engineering consultancy Atkins, being presented as part of the IET seminar 'Cyber Security for Industrial Control Systems' on 6 February in London.
The investigation discovered that many industrial sector websites and academic papers, for example, also provide some information about potential attack vectors, including the identification of engineering staff, their social media information used to corroborate control systems data, and their suitability for social engineering attempts.
The identification of known vulnerabilities and exploits against specific types of control systems can also be accessed online, along with the identification of third-parties such as contractors and control system integrators, who have detailed knowledge and physical network access.
[...] -- Subscribe to InfoSec News http://www.infosecnews.org/subscribe-to-infosec-news/
Current thread:
- Critical infrastructure hack data found in public domain InfoSec News (Jan 30)