DHS Alert: Heartbleed May Have Been Used against Industrial Control Systems

By Clayton, Mark | The Christian Science Monitor, April 11, 2014

The threat from the cybervulnerability dubbed Heartbleed reaches well beyond Web businesses and social networks into the industrial systems that power the US economy, apparently including those used to operate the US power grid.

Unconfirmed reports that Heartbleed has already been used to attack encrypted communications systems of US industrial control systems are being investigated, the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) announced in an alert Friday.

"ICS-CERT is aware of reports of attempted exploitation and is in the process of confirming these reports," read the alert. "ICS-CERT continues to monitor the situation closely and encourages entities to report any and all incidents regarding this vulnerability to DHS."

At the same time, industrial firewall-maker Innominate Security Technologies AG of Berlin on Friday informed its customers in an e-mail that some of its firmware products used in industrial firewall systems were vulnerable to Heartbleed attacks. Innominate's industrial firmware is used by several US industrial cybersecurity companies, but it may not be too widespread, some cybersecurity experts said.

Still, users of the vulnerable versions of the Innominate firmware were "strongly recommended to update the device" with a new, patched version and change the encryption key of the device, the company said in its release.

Among electric utilities, chemical plants, and other critical infrastructure companies using certain encrypted communications to communicate with their most sensitive industrial processes, Heartbleed holds potential to lay bare encrypted communications between the company's central controllers and vital but often far-flung processes - ranging from substations to refineries to chemical plants.

But at this point, the extent to which vulnerable versions of OpenSSL encryption software have been deployed in industrial settings isn't clear. The trend in recent years, experts say, has been to replace telephone connections with Internet connections protected by such encryption.

"The impact of the Heartbleed vulnerability on the cyber security of critical infrastructure (where it involves industrial control systems) is minimal," writes Ralph Langner, an industrial control systems expert who first identified Stuxnet as a cyberweapon, in an e-mail. "The majority of this infrastructure still uses non-encrypted and non-authenticated protocols" - a far worse vulnerability that may nevertheless lower the Heartbleed problem in the pecking order of industrial cybervulnerabilities.

There's also the question of how widespread the Heartbleed vulnerability is across the industrial control systems landscape. A snapshot of potentially affected Innominate-related equipment using the SHODAN search engine, which indexes industrial control systems, revealed that 1,500 or so systems worldwide are affected, with just over 200 US systems. …
