Claims from a cyber-security researcher are prompting the U.S. Government to take action. The government is looking into a possible flaw in software for specialized networking equipment from Siemens. The flaw could allow hackers to infiltrate power plants and other important systems.
Reuters is reporting that last Friday at a conference in Los Angeles, Justin W. Clarke, an expert in securing industrial control systems, announced that he had figured out a way “to spy on traffic moving through networking equipment manufactured by Siemens’ RuggedCom division.”
Clarke added that the flaw in the networking system is alarming because it can allow hackers to monitor the communications of operators, which could enable them to “gain credentials to access computer systems that control power plants and other critical systems.”
“If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you,” Clarke said.
In an alert, the Department of Homeland Security said it “had asked RuggedCom to confirm the vulnerability that Clarke, a 30-year-old security expert who has long worked in the electric utility field, had identified and identify steps to mitigate its impact.”
RuggedCom said it was looking into the claim. But this isn’t the first time the company has come under fire over Clarke’s findings. Back in May, the company released an update to one of its operating systems because Clarke found a “back door” that hackers could use to obtain passwords.
Clarke said that problem will be tough to fix because all Rugged Operating System software uses a single software “key” to decode traffic that is encrypted as it travels across the network.
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team said in its advisory that “government analysts were working with RuggedCom and Clarke to figure out how to best mitigate any risks from the newly identified vulnerability.”
The products of RuggedCom, a subsidiary of Siemens based in Canada, are used primarily by power companies to help communicate with power stations in remote areas. Clarke obtained RuggedCom’s products by purchasing them through eBay.