FAS

Weaknesses in Industrial Cyber Security Described

08.02.10 | 1 min read | Text by Steven Aftergood

The vulnerabilities of critical energy infrastructure installations to potential cyber attack are normally treated as restricted information and are exempt from public disclosure.  But a recent Department of Energy report was able to openly catalog and describe the typical vulnerabilities of energy infrastructure facilities because it did not reveal the particular locations where they were discovered.

“Although information found in individual… vulnerability assessment reports is protected from disclosure, the security of the nation’s energy infrastructure as a whole can be improved by sharing information on common security problems,” the DOE report (pdf) said. “For this reason, vulnerability information was collected, analyzed, and organized to allow the most prevalent issues to be identified and mitigated by those responsible for individual systems without disclosing the identity of the associated… product.”

The specific vulnerabilities that were found are no big surprise — open ports, unsecure coding practices, and poor patch management.  But by describing the issues in some detail, the new report may help to demystify the cyber security problem and to provide a common vocabulary for publicly addressing it.  See “NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses,” Idaho National Laboratory, May 2010.

publications
See all publications
Environment
day one project
Policy Memo
Maintaining American Leadership through Early-Stage Research in Methane Removal

A deeper understanding of methane could help scientists better address these impacts – including potentially through methane removal.

06.30.25 | 6 min read
read more
Global Risk
Blog
Report
Planning for the Unthinkable: The targeting strategies of nuclear-armed states

While it is reasonable for governments to keep the most sensitive aspects of nuclear policies secret, the rights of their citizens to have access to general knowledge about these issues is equally valid so they may know about the consequences to themselves and their country.

06.30.25 | 4 min read
read more
Emerging Technology
Blog
Translating Vision into Action: FAS Commentary on the NSCEB Final Report and the Future of U.S. Biotechnology

Advancing the U.S. leadership in emerging biotechnology is a strategic imperative, one that will shape regional development within the U.S., economic competitiveness abroad, and our national security for decades to come.

06.27.25 | 15 min read
read more
Emerging Technology
day one project
Policy Memo
Measuring and Standardizing AI’s Energy and Environmental Footprint to Accurately Access Impacts

Inconsistent metrics and opaque reporting make future AI power‑demand estimates extremely uncertain, leaving grid planners in the dark and climate targets on the line

06.27.25 | 15 min read
read more