By Julian Hattem - 05/21/14 09:02 AM EDT
A “sophisticated” hacker broke into a public utility’s control system network, according to the Department of Homeland Security.
The department’s response team for cyber emergencies did not provide additional details about the utility in a report issued this week, but said that the network was accessible over the Internet, as opposed to more secure, closed-off systems. The system had likely been hacked before, the team said.
“This incident highlights the need to evaluate security controls employed at the perimeter” and make sure that possible access points for hackers “are configured with appropriate security controls, monitoring, and detection capabilities,” the DHS Industrial Control Systems Cyber Emergency Response Team said.
“Internet facing devices have become a serious concern over the past few years with remote access demands giving way to insecure or vulnerable configurations,” it added.
Reuters reported that DHS officials were able to beef up the utility’s security before its operations were affected.
The DHS team claimed that simple search engines like Google allow hackers to find internal control systems that are supposed to be hidden. Using well-known security flaws like the “Heartbleed” bug, hackers can then go after those systems to snatch internal information.
“As tools and adversary capabilities advance, we expect that exposed systems will be more effectively discovered, and targeted by adversaries.”
The DHS team also said that, in addition to the public utility, an unnamed mechanical device’s network had been attacked by hackers through similar means.