
Researchers Withhold Demonstration Of Industrial Vulnerabilities Due To Security Concerns

A demonstration of the vulnerabilities in Siemens AG's industrial control systems has been delayed at the request of security agencies.

The demonstration, entitled “Chain Reaction - Hacking SCADA,” was the brainchild of NSS Labs security analyst Dillon Beresford and Brian Meixell, an independent security researcher.

The duo planned to show all concerned parties how the numerous security lapses present in Siemens’ industrial control systems could allow hackers to remotely control their entire IT infrastructure, exposing the German manufacturer’s power plants and factories to cyber attacks.

However, Siemens authorities and the Department of Homeland Security expressed grave concerns over the proposed public disclosure of this sensitive information before Siemens is able to find a patch for the problem.

“We were asked very nicely if we could refrain from providing that information at this time. I decided on my own that it would be in the best interest of security to not release the information,” Beresford told CNET.

These vulnerabilities were most famously exploited in the Stuxnet attack that targeted the Iranian nuclear enrichment program, but the generic attack could be used against a large variety of industrial plants.