FAS

Weaknesses in Industrial Cyber Security Described

08.02.10 | 1 min read | Text by Steven Aftergood

The vulnerabilities of critical energy infrastructure installations to potential cyber attack are normally treated as restricted information and are exempt from public disclosure.  But a recent Department of Energy report was able to openly catalog and describe the typical vulnerabilities of energy infrastructure facilities because it did not reveal the particular locations where they were discovered.

“Although information found in individual… vulnerability assessment reports is protected from disclosure, the security of the nation’s energy infrastructure as a whole can be improved by sharing information on common security problems,” the DOE report (pdf) said. “For this reason, vulnerability information was collected, analyzed, and organized to allow the most prevalent issues to be identified and mitigated by those responsible for individual systems without disclosing the identity of the associated… product.”

The specific vulnerabilities that were found are no big surprise — open ports, unsecure coding practices, and poor patch management.  But by describing the issues in some detail, the new report may help to demystify the cyber security problem and to provide a common vocabulary for publicly addressing it.  See “NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses,” Idaho National Laboratory, May 2010.

publications
See all publications
Nuclear Weapons
Blog
New Voices on Nuclear Weapons Fellowship: Creative Perspectives on Rethinking Nuclear Deterrence 

To empower new voices to start their career in nuclear weapons studies, the Federation of American Scientists launched the New Voices on Nuclear Weapons Fellowship. Here’s what our inaugural cohort accomplished.

11.28.23 | 3 min read
read more
Science Policy
Article
Expected Utility Forecasting for Science Funding

Common frameworks for evaluating proposals leave this utility function implicit, often evaluating aspects of risk, uncertainty, and potential value independently and qualitatively.

11.20.23 | 11 min read
read more
Nuclear Weapons
Report
Nuclear Notebook: Nuclear Weapons Sharing, 2023

The FAS Nuclear Notebook is one of the most widely sourced reference materials worldwide for reliable information about the status of nuclear weapons and has been published in the Bulletin of the Atomic Scientists since 1987. The Nuclear Notebook is researched and written by the staff of the Federation of American Scientists’ Nuclear Information Project: Director Hans […]

11.17.23 | 1 min read
read more
Social Innovation
Blog
Community School Approach Reaches High of 60%, Reports Latest Pulse Panel

According to the National Center for Education Statistics’ August 2023 pulse panel, 60% of public schools were utilizing a “community school” or “wraparound services model” at the start of this school year—up from 45% last year.

11.17.23 | 4 min read
read more