January 24, 2012

Google Logo Add Us On GoogleAdd SciAm

Thousands of Industrial Systems Unwittingly Hooked Up to Internet

By Michael Moyer

Join Our Community of Science Lovers!

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American

The computers that control large industrial control systems—the sewage plants, power stations, and assembly lines that keep civilization running—aren't supposed to be online. Computers online tend to get hacked, of course, and you wouldn't want your local power plant under rogue control. But a graduate student was able to locate and map more than 10,000 industrial control systems that are directly connected to the Internet, as reported by Kim Zetter at Wired's Threat Level Blog. What's more, only 17 percent of those devices bothered to ask for authorization to connect, suggesting that network managers simply didn't realize that their control systems were online.

The finding adds a discouraging twist to worries that hackers might take over critical infrastructure. Indeed, individuals have regularly managed to electronically penetrate industrial systems, with destructive real-world consequences. Last year, David Nicol of the University of Illinois described how hackers could conceivably take down a good portion of the U.S. power grid. His analysis relied on simple techniques commonly used by hackers to steal credit cards and the like; never did he assume that the important control systems would be sitting out in the open without any protections in place.

It's unclear how many of the 10,000 control systems were set up to control critical infrastructure like power stations, says Éireann P. Leverett, the researcher who published the study. He notified the U.S. Department of Homeland Security of his findings last September. But one thing is clear: If, as it appears, this many systems have been online without the knowledge of the people in charge, we can't let the assumption that something isn't connected to the Internet take the place of a real security protocol.

On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

Image: Grizzly Peak Sub-Station, California; courtesy of Lawrence Berkeley National Lab

Michael Moyer is the editor in charge of physics and space coverage at Scientific American. Previously he spent eight years at Popular Science magazine, where he was the articles editor. He was awarded the 2005 American Institute of Physics Science Writing Award for his article "Journey to the 10th Dimension," and has appeared on CBS, ABC, CNN, Fox and the Discovery Channel. He studied physics at the University of California at Berkeley and at Columbia University.

More by Michael Moyer

It’s Time to Stand Up for Science

If you enjoyed this article, I’d like to ask for your support. Scientific American has served as an advocate for science and industry for 180 years, and right now may be the most critical moment in that two-century history.

I’ve been a Scientific American subscriber since I was 12 years old, and it helped shape the way I look at the world. SciAm always educates and delights me, and inspires a sense of awe for our vast, beautiful universe. I hope it does that for you, too.

If you subscribe to Scientific American, you help ensure that our coverage is centered on meaningful research and discovery; that we have the resources to report on the decisions that threaten labs across the U.S.; and that we support both budding and working scientists at a time when the value of science itself too often goes unrecognized.

In return, you get essential news, captivating podcasts, brilliant infographics, can't-miss newsletters, must-watch videos, challenging games, and the science world's best writing and reporting. You can even gift someone a subscription.

There has never been a more important time for us to stand up and show why science matters. I hope you’ll support us in that mission.

Thank you,

David M. Ewalt, Editor in Chief, Scientific American

Subscribe