ICS-CERT: U.S. Public Utility Hacked

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

Reuters reports that the U.S. Department of Homeland Security (DHS) has acknowledged that an unidentified public utility in the U.S. was recently compromised by a sophisticated hacker group.

In a report [PDF], DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) explained that the software used to mange the utility's control system was accessible via the Internet. "The systems were configured with a remote access capability, utilizing a simple password mechanism; however, the authentication method was susceptible to compromise via standard brute forcing techniques," the report states.

An ICS-CERT investigation found that the system had been breached previously, and worked with the utility's owners to evaluate the overall security of their infrastructure and to make practical recommendations for securing the control network.

"This incident highlights the need to evaluate security controls employed at the perimeter and ensure that potential intrusion vectors (ex: remote access) are configured with appropriate security controls, monitoring, and detection capabilities," the ICS-CERT report states.

Submit a Comment

Loading Comments...