Researcher Publishes Industrial Complex Hack
snydeq writes "Security researcher Kevin Finisterre has published code that could be used to take control of computers used to manage industrial machinery, potentially giving hackers a back door into utility companies, water plants, and even oil and gas refineries. The code exploits a flaw in supervisory control and data acquisition software from Citect. The vendor has released a patch and risk arises only for systems connected directly to the Internet without firewall protection. Finisterre, however, sees the issue as indicative of a 'culture clash' between IT and process control engineers, who are reluctant to bring computers off-line for patching due to the potential havoc wreaked by downtime. 'A lot of the people who run these systems feel that they're not bound by the same rules as traditional IT,' Finisterre said. 'Their industry is not very familiar with hacking and hackers in general.'"
"who are reluctant to bring computers off-line for patching due to the potential"
no shit? of course they are, an and industrial machine should have to come down for patching.
This is why Windows should not be used in 24/7 industrial work.
Computers need to live up to the needs of the industrial machines they serve, not the other way around.
The Kruger Dunning explains most post on
>b) Keeping them offline might make sense for security, but it makes servicing them more difficult, and so more people need to be hired, and so it is more expensive (which is bad, apparently)
Yes, some CEO might only get $16,935,000 in their bonus instead of the full $17,000,000. And if that happens, apparently the economy will collapse.
-fb Everything not expressly forbidden is now mandatory.
You are ignorant. Show me one unmanned offshore oil rig, and I'll split the salvage rights with you.
The engineers on oil rigs work 2 months/1 month rotations (or similar).
Please don't come up with unsupportable examples.
Even more importantly - why the fuck are you guys so interested in doing extra overtime? If the equipment/situation is so critical, the organization should be paying for enough hands to cover the problem.