Security Double Dutch: Critical infrastructure gaps in the Netherlands highlighted
By Andy Bochman
Hat tip to friend and colleague Steve D for shooting this my way...
Security researcher Oscar Koeroo, working for the Dutch nuclear physics institute NIKHEF, found out that national infrastructural systems were listed on Shodan, (a database of cyber security vulnerabilities) and could be easily accessed remotely. Those systems, controlling pumping stations and sluices, are vital for the water management of a large part of the Netherlands. Because a large part of the country lies below sea-level, those systems keep the Dutch feet dry!
I've been to the Netherlands several times and saw the country in the news a lot recently when UberStorm Sandy raised concerns that New York City should perhaps get similar types of protective systems. I can assure you that this is about much more than a preference for dry feet.
Read on to find out how control system search engine Shodan once again reveals what systems are directly connected to the Internet. Warning, it paints a full picture, but it's not a pretty picture, and hopefully you won't find systems in your charge popping up in the findings window!
Here's the complete article from Tofino, replete with lurid details of password mismanagement, accusations, denials and counter-accusations, and that sort of thing. Best keep a Heineken or two handy.
Andy Bochman is the Energy Security Lead for IBM's Systems Security. A contributor to industry and national security working groups on energy security and cyber security, Andy lives in Boston, is an active member of the MIT Energy Club, and is the founder of the Smart Grid Security and DOD Energy Blogs.
Read more from Andy on smart grid security...