FAS

Weaknesses in Industrial Cyber Security Described

08.02.10 | 1 min read | Text by Steven Aftergood

The vulnerabilities of critical energy infrastructure installations to potential cyber attack are normally treated as restricted information and are exempt from public disclosure.  But a recent Department of Energy report was able to openly catalog and describe the typical vulnerabilities of energy infrastructure facilities because it did not reveal the particular locations where they were discovered.

“Although information found in individual… vulnerability assessment reports is protected from disclosure, the security of the nation’s energy infrastructure as a whole can be improved by sharing information on common security problems,” the DOE report (pdf) said. “For this reason, vulnerability information was collected, analyzed, and organized to allow the most prevalent issues to be identified and mitigated by those responsible for individual systems without disclosing the identity of the associated… product.”

The specific vulnerabilities that were found are no big surprise — open ports, unsecure coding practices, and poor patch management.  But by describing the issues in some detail, the new report may help to demystify the cyber security problem and to provide a common vocabulary for publicly addressing it.  See “NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses,” Idaho National Laboratory, May 2010.

publications
See all publications
Environment
Press release
Position on S.1166, The Excess Urban Heat Mitigation Act

Extreme heat is the leading weather-related cause of injury and death and innovations in the built environment can save money and lives.

04.01.25 | 1 min read
read more
Environment
day one project
Policy Memo
Empowering States for Resilient Infrastructure by Diffusing Federal Responsibility for Flood Risk Management

By requiring all states to conduct flood infrastructure vulnerability assessments (FIVAs), the federal government can limit its financial liability while advancing a more efficient and effective model of flood resilience that puts states and localities at the fore.

03.31.25 | 7 min read
read more
Education & Workforce
Blog
Appreciation for a Department of Education Tour of Service

FAS is invested in seeing more students gain science and technology skills and enter STEM careers, both for students and for our country’s competitive advantage.

03.26.25 | 3 min read
read more
Emerging Technology
Issue Brief
Securing American AI Leadership: A Strategic Action Plan for Innovation, Adoption, and Trust

To sustain America’s leadership in AI innovation, accelerate adoption across the economy, and guarantee that AI systems remain secure and trustworthy, we offer a set of policy recommendations.

03.24.25 | 23 min read
read more