• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • Newest Hacker Target: Larger Systems That Run Everything Else

    The “systems that control our systems” are now among the most lucrative targets for hackers. Control systems are the computer programs that run and manage other computer programs. They manage water treatment plants, they run the D.C. Metro system, and they run the multitude of systems in hospitals.

    About a month ago, a pair of security researchers discovered vulnerabilities in a popular online control system, the Niagara Framework (NF). This vulnerability would have allowed hackers to breach the networks using NF and steal passwords and user names. This week, the Department of Homeland Security’s (DHS) Industrial Control System Computer Emergency Response Team announced that it felt that Tridium, a tech firm in Virginia, had fixed the security problems.

    This example demonstrates that control systems have developed into the main target in the cyber world today. These ubiquitous programs essentially run everything, and they have great potential—but also great vulnerability.

    NF is widely used (300,000 users in 52 countries), and chances are you have used a service that was controlled by it. NF controls systems as diverse as hospital beds, patient screening/monitoring, patient records, elevators, furnaces, and security cameras—and does it all remotely.

    This is a prime example of the difficulty of “covering all the bases” in the cyber world. Every day, we add more and more of these systems to ever more complex networks. It is efficient and cost effective, but it adds incredible vulnerabilities that even middle-grade hackers can penetrate and exploit. We should not retrench to the past, but leaders in government and business had better get a lot wiser with regard to security. Just because you “haven’t been hit yet,” that does not mean you are safe. In many cases, you simply don’t know that you have been hacked. Leaders should understand that the more an online control system can do, the more attractive it becomes as a target.

    We don’t need regulation (a la the Cybersecurity Act of 2012) of the cyber realm, but we do badly need leadership.

    Posted in Featured [slideshow_deploy]

    2 Responses to Newest Hacker Target: Larger Systems That Run Everything Else

    1. andy bochman says:

      Recommend Joe Weiss for anyone who wants to track related events or beef up on their control systems' security knowledge: http://community.controlglobal.com/unfettered

    2. Bobbie says:

      the criminal aspect out weighs the worth but what about people in control of the systems? What are their qualifications? There are people put in high places for ill intent as we've come to recognize.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.