How insecure is our energy infrastructure? This Wednesday at the Black Hat conference in Las Vegas, security researchers are set to show off an exploit of a newly discovered vulnerability in a wireless sensor widely used in oil, gas and water processing plants:
The new research on wireless sensors found flaws in the way they handle encryption, Lucas Apa and Carlos Mario Penagos of security consulting firm IOActive Inc told Reuters.
They said they could contact some of the sensors with radio transmissions from as far as 40 miles (64 km) away and alter pressure, volume and other readings. If the overall control systems act on those readings without a failsafe, the researchers said, they could permanently disable a pipeline or plant.
The sensors typically cost $1,000 or $2,000 and are deployed in the hundreds or thousands at a single oil, gas or water processor. The researchers said the flaws were found in devices supplied by three of the largest vendors in the field, but declined to identify them.
Cyber warfare is a real. Just because America hasn’t been hit yet doesn’t mean that it can’t or won’t be. Reasonable people can disagree about whether the NSA’s data collection programs adequately protect Americans’ rights, but they are only a part of the picture. Intelligence can give our government some insight on threats just over the horizon; it can also reveal weaknesses in adversaries’ networks. Exploits like Stuxnet, also rumored to have been developed by the NSA, serve to strengthen our offensive capabilities. But defensively hardening our infrastructure is at least as important as the rest of our efforts.
No time like the present to get started!
[Petrochemical plant photo courtesy of Shutterstock.]