Salon.com > infrastructure

Over 100,000 open servers leave U.S. infrastructure vulnerable

Wed, 24 Apr 2013 20:36:00 +0000

Since former Defense Secretary Leon Panetta last year warned of the risks of a "cyber Pearl Habor" striking U.S. infrastructure, experts have been arguing back and forth about the scale of cyberthreats facing the U.S. This week, researchers from security firm Rapid7 said that critical infrastructure, including oil and gas systems, medical devices, naval ships faced very real risks of manipulation, owing to over 100,000 open servers used for remote access into their managing systems.

Via TechWeek:

Fixing Obama’s “fix it first” infrastructure plan

Tue, 09 Apr 2013 21:15:00 +0000

Seventy thousand bridges in America are structurally deficient. Fixing this and other critical problems with our national infrastructure is a policy no-brainer.

In this year’s State of the Union address, President Obama unveiled his “fix it first” plan, a $50 billion program for repairing the nation’s roads, highways, bridges and transit systems. Although this is a step in the right direction, the plan should also meet the concerns of the newly emerging transportation-justice movement, about which we have heard nothing from the president so far.

The Obama administration last directed major funds toward infrastructure as a part of the 2009 American Recovery and Reinvestment Act (ARRA). The government spent more than $31 billion, with a focus on “shovel-ready” projects.

Critical infrastructure vulnerable to simple cyber-attacks

Fri, 18 Jan 2013 15:47:00 +0000

Spearphishing -- the technique by which hackers gain access to computer networks through sending misleading, malicious emails which users click on -- is a risk to more than just small computer networks. According to the New York Times' "Bits" blog, critical infrastructure like "watersheds, power grids, oil refineries and nuclear plants" are vulnerable to spearphishing attacks.

"Spearphishing is so easy to deploy and effective that 91 percent of targeted attacks start with malicious e-mails, according to TrendMicro, a computer security firm with headquarters in Tokyo. But that same method could be used to harm utilities, power plants, gas pipelines and watersheds," wrote Nicole Perlroth.

In a demonstration to test the vulnerability to such an attack at power plants and oil pipelines, Tyler Klinger, a security researcher at Critical Intelligence sent targeted emails -- the sort that might conceal a spearphish -- to control room supervisors and engineers. The emails were easily accessible through LinkedIn and sales team contact sites.