Research: Industrial Networks Are Vulnerable To Devastating Cyberattacks
Patrick O'Neill writes: New research into Industrial Ethernet Switches reveals a wide host of vulnerabilities that leave critical infrastructure facilities open to attackers. Many of the vulnerabilities reveal fundamental weaknesses: widespread use of default passwords, hardcoded encryption keys, a lack of proper authentication for firmware updates, a lack of encrypted connections, and more. Combined with a lack of network monitoring, researchers say the situation showcases "a massive lack of security awareness in the industrial control systems community."
Every time some industrial networking vulnerability gets posted, people ask: "why are these connected to the internet to begin with?", so I'll get it out of the way: Why are these connected to the internet again? If you do need some sort of external access to them, it should be through some sort of application-level gateway so that access can be carefully controlled.