US government warns over vulnerable control systems

Oil barrels Viruses have been written to attack oil treatment plants and other critical control systems

Related Stories

The US government has told thousands of companies to beef up protection of computers which oversee power plants and other utilities.

The action comes after a survey revealed that thousands of these systems can be found online.

The survey was carried out via a publicly available search engine that pinpointed computers controlling critical infrastructure.

In total, the survey uncovered more than 500,000 potential targets.

The survey was carried out by Bob Radvanovsky and Jacob Brodsky of security consultancy InfraCritical who investigated the potential threat to so-called Scada systems.

Scada (Supervisory Control and Data Acquisition) is the industry term for the computers behind the machinery in power plants, water treatment centres, traffic controls and other utilities.

"The biggest thing is we are trying to assign a number - a rough magnitude - to a problem plaguing the industry for some time now," said Mr Radvanovsky in a blogpost,

Target list

The pair wrote a series of scripts, small computer programs, that interrogated the Shodan search engine. Shodan was created to log machines connected to the internet in the same way Google logs webpage contents.

In their search scripts the pair used 600 terms compiled from lists of Scada manufacturers and the names and product numbers of the control systems they sell.

Armed with a list of 500,000 potential targets, they approached the US Department of Homeland Security who pared it down to the most important 7,200 targets. The DHS is now in the process of contacting the firms who own these computers to warn them they can be found online.

In many cases, said the pair, convenience had led companies to connect such important systems to the web.

"A lot of these guys want to fix things at 3am without driving three hours in each direction," wrote Mr Brodsky.

Mr Radvanovsky and Mr Brodsky did not test the computers they found to see how well they were protected. However, other researchers have found many weaknesses in the software used to control Scada systems via the net.

While attacks on critical infrastructure are relatively rare, recent months have seen viruses and other malicious programs hit control systems at oil treatment plants and other facilities.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

  • Cartoon of women chatting on the metroChat wagon

    The interesting things you hear in a women-only carriage


  • Replica of a cargo boxSpecial delivery

    The man who posted himself to the other side of the world


  • Music scoreFinal score Watch

    Goodbye to NYC's last classical sheet music shop


  • Former Secretary of State Hillary Rodham Clinton checks her Blackberry from a desk inside a C-17 military plane upon her departure from Malta, in the Mediterranean Sea, bound for Tripoli, Libya'Emailgate'

    Hillary gets a taste of scrutiny that lies ahead


BBC Future

wikipedia

The future of CGI... from 1982

How we forecast computer animation back then Read more...

Programmes

  • A cyborg cockroachClick Watch

    The cyborg cockroach - why has a computer been attached to this insect’s nervous system?

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.