FAS

Weaknesses in Industrial Cyber Security Described

08.02.10 | 1 min read | Text by Steven Aftergood

The vulnerabilities of critical energy infrastructure installations to potential cyber attack are normally treated as restricted information and are exempt from public disclosure.  But a recent Department of Energy report was able to openly catalog and describe the typical vulnerabilities of energy infrastructure facilities because it did not reveal the particular locations where they were discovered.

“Although information found in individual… vulnerability assessment reports is protected from disclosure, the security of the nation’s energy infrastructure as a whole can be improved by sharing information on common security problems,” the DOE report (pdf) said. “For this reason, vulnerability information was collected, analyzed, and organized to allow the most prevalent issues to be identified and mitigated by those responsible for individual systems without disclosing the identity of the associated… product.”

The specific vulnerabilities that were found are no big surprise — open ports, unsecure coding practices, and poor patch management.  But by describing the issues in some detail, the new report may help to demystify the cyber security problem and to provide a common vocabulary for publicly addressing it.  See “NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses,” Idaho National Laboratory, May 2010.

publications
See all publications
Government Capacity
Blog
Sacred Cows: What Did We Stop Questioning in Digital Government Delivery, but Should Now?

Let’s see what rules we can rewrite and beliefs we can reset: a few digital service sacred cows are long overdue to be put out to pasture.

04.10.26 | 8 min read
read more
Emerging Technology
Blog
Allies or Adversaries? Science Diplomacy’s Calibration in the President’s Budget Request

Nestled in the cuts and investments of interest to the S&T community is a more complex story of how the administration is approaching the practice of science diplomacy.

04.09.26 | 6 min read
read more
Clean Energy
Blog
DOE’s FY27 Budget Request: the Good, the Bad, and the Ugly

Surprise! It’s a double album drop with the release of both the President’s Budget Request (PBR to us, not Pabst Blue Ribbon) and the Department of Energy’s (DOE) Budget Justification for Fiscal Year 2027 (FY27) last Friday.

04.09.26 | 11 min read
read more
Government Capacity
Policy Memo
Report
A People-centered, Power-conscious Regulatory Democracy Balancing Distributive Justice and Delivery Efficacy

If properly implemented, a comprehensive reform program to accomplish regulatory democracy that is people-centered and power-conscious could be essential for addressing complex policy changes such as the climate challenge.

04.08.26 | 50 min read
read more