Chinese Weapon Systems Vulnerable To SCADA Hack

The US Department of Homeland Security (DHS) has warned that Chinese weapon systems are vulnerable to hackers.

The warning came in a DHS advisory written by the DHS Industrial Control Systems Cyber Emergency Response Team. The document warned that software widely used in China to run  weapons systems, utilities and chemical plants has bugs that could allow hackers to damage public infrastructure.

The software is said to be the Sunway ForceControl and pNetPower SCADA/HMI applications, from Beijing-based Sunway ForceControl Technology. This is according to a NSS Labs security researcher, who discovered the flaw.

Control Systems

SCADA stands for Supervisory Control and Data Acquisition, and is used by systems that control, monitor and automate the activities of connected physical systems, such as oil and gas pipeline valves, temperature monitoring and cooling systems, energy grids and traffic lights.

Needless to say, if a hacker were able to access these systems, the potential for damage would be huge.

“Successful exploitation of these vulnerabilities could allow an attacker to perform a remote denial of service or to remotely execute arbitrary code against the ForceControl and pNetPower server applications,” said the DHS advisory. “This action can result in adverse application conditions and ultimately impact the production environment on which the SCADA system is used.”

“Impact to individual organisations depends on many factors that are unique to each organisation. ICS-CERT recommends that organisations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation,” it said.

It seems that the Americans opted to co-operate with their Chinese counterparts after the ICS-CERT “co-ordinated with the researcher, China National Vulnerability Database (CNVD), and Sunway to ensure full remediation of the reported vulnerabilities.”

Apparently Sunway has issued two patches that address both vulnerabilities.

Vulnerable Utilities

The Sunway software is also used to control industrial systems in other countries as well.

Back in early 2009, foreign hackers were able to hack into the US electric grid, after it was discovered they had planted software that could disrupt the system.

And of course the potential vulnerability of industrial control systems was again highlighted by the Stuxnet worm, which infected Iran’s nuclear fuel programme last year.

National Defence

This has led to warning that national infrastructures are ill-prepared to defend themselves against co-ordinated cyber attacks, and some have predicted that future wars could be fought in cyber space.

In February Foreign Secretary William Hague revealed that the UK government had been infected by the Zeus information-stealing Trojan in December. And defence secretary Liam Fox recently said that Britain is under constant attack from hackers, and last year 1,000 potentially serious offensives were blocked.

The European Union recently created its own taskforce to counter the growing threat of cyber attacks. Meanwhile The British government has also acknowledged it has begun work on offensive cyber-weapons to complement its existing defensive capabilities.

This follows the comments from Armed Forces Minister Nick Harvey last November, when he said that the UK must have the ability to launch its own attack against those carrying out cyberwarfare against this country and its infrastructure.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

42 mins ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

18 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

20 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

21 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

22 hours ago