Industrial Control System security

Draped across the automobile’s front license plate is a printout, attached like it came off a roll of Scotch Tape. On the printout is a SQL statement; probably the last thing anyone would expect to see as a hood ornament. No one knows where the photograph came from or whether someone was trying to be funny, or legitimately trying to compromise the backend system controlling the traffic camera in the same photo. But one thing is for sure, this clever stunt has helped shed light on the insecurity of control systems.

An alert from the Department of Homeland Security late last week urges private- and public-sector industrial control system (ICS) owners to be proactive in auditing the security, particularly, authentication controls of their systems. The alert is in response to a growing concern over the number of exploit tools available online targeting ICS and SCADA systems responsible for running critical infrastructure, as well as an evolving interest from hacktivists who are using specialized search engines to find control systems reachable online.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.