Power plants vulnerable to hackers: security firm

May 20, 2011
Photo illustration of a nuclear power plant in Pottstown, Pennsylvania. US computer security research firm NSS Labs warned that it uncovered new ways that hackers could sabotage power plants, oil refineries or manufacturing operations.

US computer security research firm NSS Labs warned that it uncovered new ways that hackers could sabotage power plants, oil refineries or manufacturing operations.

"This is a global problem," NSS chief executive Rick Moy told AFP.

"There are no fixes to this right now," he continued. "Bad guys would be able to cause real environmental and physical problems and possibly loss of life."

NSS said that it shared its findings with the US Computer Emergency Readiness Team and was briefing legitimate industrial facilities that are at risk but was revealing little publicly for the sake of safety.

NSS researcher Dillon Beresford reported finding "multiple vulnerabilities" in Siemens programmable logic controllers (PLCs) used in plants worldwide to automatically regulate temperatures, pressures, turbine speeds, and more.

Those are the same devices targeted by a Stuxnet virus evidently crafted to disable an Iranian .

While the Stuxnet virus struck at PLCs through a plant's , Beresford discovered ways to reprogram the devices directly if they can be reached on a network, according to Moy.

"The security of these systems is not what it should be," Moy said.

"Comments were made that it took a nation state millions of dollars and teams of people to create Stuxnet," he continued. "We don't believe that to be true; it was not that hard to create these problems."

Beresford came up with the attacks in less than three months with a budget of $2,000 to $3,000 dollars, according to NSS.

NSS has shared its findings with the US and Germany-based Siemens, which downplayed concerns that an attack could be pulled off outside the lab and said it was working to address the vulnerabilities.

Explore further: Turkey still hopes Twitter will open local office

add to favorites email to friend print save as pdf

Related Stories

World's first 'cyber superweapon' attacks China

Sep 30, 2010

A computer virus dubbed the world's "first cyber superweapon" by experts and which may have been designed to attack Iran's nuclear facilities has found a new target -- China.

Stuxnet worm rampaging through Iran: IT official

Sep 27, 2010

The Stuxnet worm is mutating and wreaking further havoc on computerised industrial equipment in Iran where about 30,000 IP addresses have already been infected, IRNA news agency reported on Monday. ...

Recommended for you

Net neutrality balancing act

17 hours ago

Researchers in Italy, writing in the International Journal of Technology, Policy and Management have demonstrated that net neutrality benefits content creator and consumers without compromising provider innovation nor pr ...

Twitter rules out Turkey office amid tax row

Apr 16, 2014

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

Apr 16, 2014

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

spectator
not rated yet May 20, 2011
You know...

This is not the sort of thing I want to hear about.

Whenever you consult someone to help identify security risks, you shouldn't then go on the internet and broadcast to the world that you actually have security risks.

"Hey everybody, we're vulnerable!"

Seriously.
AJaremko
not rated yet May 20, 2011
Interesting use of a photo of a nuclear power plant to illustrate a story about risks at many kinds of industrial facilities. Do we remember Bhopal? I'd suggest plants manufacturing phosgene or chorine might be a greater hazard. But then, there's a nuclear=catastrophe conditioned reflex the media have learned to reinforce and use.
COCO
1 / 5 (1) May 24, 2011
is it true that the Stuxnet virus was released by Al Ciada causing much of this worry and maybe the malfunctions in Japan?

More news stories

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Better thermal-imaging lens from waste sulfur

Sulfur left over from refining fossil fuels can be transformed into cheap, lightweight, plastic lenses for infrared devices, including night-vision goggles, a University of Arizona-led international team ...

Chronic inflammation linked to 'high-grade' prostate cancer

Men who show signs of chronic inflammation in non-cancerous prostate tissue may have nearly twice the risk of actually having prostate cancer than those with no inflammation, according to results of a new study led by researchers ...