NGI The Weekly Gas Market Report / NGI All News Access

Firm Warns of Security 'Hole' in Utility Software

A Boston-based high-tech firm, Core Security Technologies, claimed last Wednesday to have discovered a deficiency in key software used by natural gas pipelines and other utility operations that could make them vulnerable to hackers. Core Security representatives described the potential security problem to the Associated Press, which released a wire report on the firm's allegations.

In addition, the computer systems security specialist issued an announcement Wednesday, disclosing a vulnerability that could severely impact organizations relying on industrial process control software called "CitectSCADA."

Core Security said its discovery "indicates that thousands of companies using Citect's SCADA systems could unknowingly be exposing critical industrial processes and assets that they otherwise sought to protect if they do not immediately move to apply the vendor-provided patch, or other suggested workarounds for the vulnerability issued by the software maker."

According to the firm's research arm, CoreLabs, an attacker could potentially use the newly identified vulnerability to gain remote, unauthenticated access to a host system running CitectSCADA. If the vulnerability were successfully exploited, hackers could take control of operations dependent on the vulnerable software. A "rogue employee" also could access the system internally, according to AP's report.

In the extreme, computer security experts increasingly worry about the vulnerability of Internet-connected systems that operate the nation's water and energy infrastructures. Entire cities' grids being shut down, water supplies being contaminated and power plants being made to malfunction are some of the dire possibilities being studied in these post-9/11 times.

"Despite the fact that nearly all SCADA software makers maintain a similar stance in terms of advising customers to keep the systems walled-off from the Internet, the reality is that many organizations do have their process control networks accessible from wireless and wired corporate data networks that are in turn exposed to public networks such as the Internet," a CoreLabs expert said in the firm's written warning.

©Copyright 2008 Intelligence Press Inc. All rights reserved. The preceding news report may not be republished or redistributed, in whole or in part, in any form, without prior written consent of Intelligence Press, Inc.

ISSN © 2577-9877 | ISSN © 1532-1266