Atlanta – Sophisticated attacks like Stuxnet aren’t necessary to compromise industrial control systems for dams, power plants, chemical plants and the like. Rather, simple phishing attacks followed up by using tools that are easily available through Metasploit will do the trick, security pros were told at a conference in Atlanta this week.
Even with firewalls in place and buffering access to control devices through a server protected in a DMZ, simple-to-execute attacks succeed, said Chris Shipp, a contractor who is director of cyber security for the U.S. Department of Energy, Strategic Petroleum Reserve, in a talk to (ISC)² Security Congress. Shipp stressed that he was speaking as an independent security professional, not as a DoE representative.
To read this article in full or to leave a comment, please click here