Popular Posts

Thursday, March 03, 2016

DIA: Russian Software Could Threaten U.S. Industrial Control Systems

The Defense Intelligence Agency warned this month that Russian government hackers could penetrate U.S. industrial control networks using commercial security software.

The agency stated in a recent notice circulated within the Pentagon that security software being developed by Kaspersky Lab, a Russian-origin company, will create vulnerabilities for U.S. industrial control systems and so-called supervisory control and data acquisition software, or SCADA, systems, if purchased and deployed by American utilities.

A DIA spokesman declined to comment on the report.

Kaspersky Lab, in a statement, denied its security products could be used against U.S. infrastructure.

In a related development, two U.S. military commanders urged Defense Secretary Ash Carter earlier this month to do more to defend critical infrastructure from cyber attacks against industrial control systems.

“We respectfully request your assistance in providing focus and visibility on an emerging threat that we believe will have serious consequences on our ability to execute assigned missions if not addressed – cyber security of [Defense Department] critical infrastructure Industrial Control Systems,” Northern Command’s Adm. William Gortney and Pacific Command’s Adm. Harry Harris stated in a Feb. 11 letter to Carter.

More here

4 comments:

  1. Our DIA and intelligence community in general
    was weakened when the Clintons first took over
    the WH. Weakened intelligence is what led to
    "911" and G.W.Bush and Congress leading us
    to war in the Middle East. And Bill Clinton sold our military secrets to our enemies. And now look at the world! A vote for Hillary is a vote for a final blow that will destroy America as the free republic it was created to be.

    ReplyDelete
  2. I am glad I have stayed away from that anti virus product. I had a feeling something was up.

    ReplyDelete
  3. I used to use Kaspersky AV Software but found that several years ago new versions wanted more and more control of my machine. So I stopped buying their stuff and went with something free, Panda. This alert may have merit but know this about the industrial control systems [ICS] they're taking about.
    1.) ICS operating systems make setting secure passwords difficult, as the password size is very small and the system allows only group passwords at each level of access, not individual passwords.
    2.) Many ICS protocols transmit messages in clear text across the transmission media, making them susceptible to eavesdropping by adversaries.
    3.) Many ICS protocols have no authentication at any level. Without authentication, there is the potential to replay, modify, or spoof data or to spoof devices such as sensors and user identities.
    4.) SCADA and industrial protocols, such as MODBUS/TCP, EtherNet/IP, and DNP318 were designed without security built in and do not typically require any authentication to remotely execute commands on a control device.
    The above is more the likely culprit then the AV software.

    ReplyDelete
  4. Thumb drive a computer and I don't own a cell phone. I only use cash. Never had a problem with virus.

    ReplyDelete

Note: Only a member of this blog may post a comment.