
DHS Warns of Potential Control System Vulnerability

The U.S. Department of Homeland Security (DHS) on Tuesday issued an alert warning that industrial Ethernet switches and other devices made by network equipment manufacturer RuggedCom and widely used by power companies could be vulnerable to compromise.

The department’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Control Systems Security Program says in its advisory that the RSA Private PKI key for SSL communication between a client/user and a RuggedCom switch could allegedly be identified in the manufacturer’s Rugged Operating System (ROS). "An attacker may use the key to create malicious communication to a RuggedCom network device," the DHS warned. The vulnerability was remotely exploitable and could lead to loss of system integrity.

The vulnerability was publicly presented by security researcher Justin W. Clarke of Cylance Inc. DHS said it had notified RuggedCom and asked the company to confirm the vulnerability.

Meanwhile, the DHS recommended that users take "defensive measures" to minimize the risk of exploitation, such as minimizing network exposure for all control system devices, locating control system networks behind firewalls and isolating them from the business network, and employing secure methods such as virtual private networks if remote access is required.

"ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures," the DHS said. "Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents."

The National Security Agency’s head, Gen. Keith Alexander, said at a public event in July that there was a 17-fold increase in computer attacks affecting U.S. infrastructure between 2009 and 2011.

Earlier this month, malware known as Shamoon reportedly targeted Saudi Aramco, Saudi Arabia’s national oil company. Evidence reportedly links the malware attack to a group of "hacktivists" protesting oppression in the Arab world.

Sources: POWERnews, DHS, NSA, Information Week
