Following the failed closure of the Cybersecurity Act, proposed by the Obama Administration in February, is the discovery of a security flaw in hardware produced by global powerhouse, Siemens (News - Alert).
According to BBC, Homeland Security is investigating a flaw found within hardware produced by RuggedCom, a “manufacturer of communications equipment for harsh environments” and a subsidiary of Siemens. The flaw, which was publicly revealed by a U.S. security researcher, Justin Clark, presented a vulnerability that could be exploited by hackers who could subsequently control utility systems.
Justin Clark, who has invested his time in searching for vulnerabilities in RuggedCom’s hardware purchased from Ebay told the press, “If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you.” He added, “According to this report, the vulnerability can be used to decrypt SSL traffic between an end-user and a RuggedCom network device.”
Homeland Security’s Industrial Control Systems Emergency Response Team or ICS-CERT assures the public that they are well aware of these findings.
The parties that proposed the Cyber Security Act could use this recent discovery as a reason to continue their cause through other means. One of the greatest arguments by those in support of the CSA bill is that businesses in the power industry should adhere to a unified set of cyber security regulations in order to protect the public against this type of terroristic activity.
A recent string of events could have triggered a sense of urgency from security sectors in the U.S. government to exercise greater vigilance over protecting the network security of power plants: First, the Stuxnet virus that infiltrated a network facility in Iran, then the recent discovery of the malware called Shamoon, and finally, the power outages that affected the D.C. area after last month’s storms.
Edited by Juliana Kenny