Stuxnet hit the news five years ago when it was discovered infecting the industrial Supervisory Control And Data Acquisition systems of factories all across the world, up to and including nuclear plants. The breadth of the attack was a bit more than what Israeli intelligence and the NSA originally intended but they did succeed in severely damaging their actual target which was an Iranian uranium enrichment plant. Unfortunately it seems the development of Stuxnet might have been somewhat of a waste of resources as they could probably have achieved the same results with a simple man in the middle attack.
The Chatham House recently released a report on the state of security in nuclear power plants and facilities across the globe and the results are horrifying to say the least. From the overview that The Register provides the level of security present in many of these facilities is commensurate with your average high school. The idea that these plants are air-gapped is a fallacy and the code for the control systems can be easily altered remotely without the need to design a complex virus to infect them. Thankfully it is very difficult to cause a nuclear plant to go critical but these vulnerabilities can still cause damage to machinery and interfere with the plants ability to provide power to customers. You may not want to read the whole story if you want to sleep well tonight.
"The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them."
Here is some more Tech News from around the web:
- AMD partners with Oculus and Dell to power Oculus ready PCs @ DigiTimes
- iOS malware YiSpecter: iPhones menaced by software nasty @ The Register
- Atom-thin transistor defies fundamental limits @ Nanotechweb
- Microsoft's big Tuesday reveal: New mobiles and slabs? Win 10 shock? @ The Register
- Chocolate Factory plops Marshmallow on Android slabs @ The Register
- Surface Book: MacBook Pro rival packs a Skylake chip and Nvidia GPU @ The Inquirer
- ASUS RT-AC87U & RT-AC3200 Routers Review @ Hardware Canucks
- NikKTech & Mionix Enjoy Gaming Worldwide Giveaway
- Win 1 of 3 be quiet! Silent Base 600 PC cases @ KitGuru
i think we all knew this, its
i think we all knew this, its been years since the U.S government has really invested in nuclear power infrastructure.All of our plants are soooo old we need to move to a safer more efficient nuclear power plant we need to move from plutonium and start using thorium,or start testing on helium 3
They better not run windows
They better not run windows 10 devices, as all the telemetry would be shared with everyone to better improve the terrorist experience!
“the code for the control
“the code for the control systems can be easily altered remotely”
Then how come it isnt being done? As I recall, the Stuxnet code was brought in on infected removable media by the engineers. I doubt the internet is a strong attack vector here.
Fact: Russian APPs (Atomic
Fact: Russian APPs (Atomic Power Plants) are at least x50 times as more secure than USA’s and Japan’s APPs combined altogether. Most of the European countries that have APPs in them (like France, for example) order their APPs from Russia and they’re being built by Russians themselves under contracts. After what happened in Chernobyl, in last twenty or so years Russia massively upped their APPs’ levels of safeness and radiation leakage prevention mechanisms, so much so that Russia’s APPs are now considered to be ones of the safest (if not THE safest already) nuclear-based energy producing plants on the entire planet.