By using search engines dedicated to scanning all open ports, or scanning the ports themselves, hackers can remotely take control of critical private and public U.S. infrastructure run largely by industrial control systems (ICS) that weren't built with security in mind.
American water and energy providers are particularly vulnerable to cyberattack because their legacy ICSs were designed without security in mind, said the report from Cybernews, which found numerous examples of water and energy supplies that have been left open for tampering.
Unprotected ICS access points mostly include offshore and onshore oil wells, which CISA recently warned about, as well as public and private water distribution and treatment systems that could be accessed by anyone without passwords. "By accessing exposed onshore oil well ICS, we could take control of multiple oil silos and cause damage to U.S. energy supply by silencing alarms, opening and closing discharge gates, adjusting freefall setpoints, and more," the report said.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.