The US Department of Homeland Security (DHS) has warned that Chinese weapon systems are vulnerable to hackers.
The warning came in a DHS advisory written by the DHS Industrial Control Systems Cyber Emergency Response Team. The document warned that software widely used in China to run weapons systems, utilities and chemical plants has bugs that could allow hackers to damage public infrastructure.
The software is said to be the Sunway ForceControl and pNetPower SCADA/HMI applications, from Beijing-based Sunway ForceControl Technology. This is according to a NSS Labs security researcher, who discovered the flaw.
SCADA stands for Supervisory Control and Data Acquisition, and is used by systems that control, monitor and automate the activities of connected physical systems, such as oil and gas pipeline valves, temperature monitoring and cooling systems, energy grids and traffic lights.
Needless to say, if a hacker were able to access these systems, the potential for damage would be huge.
“Successful exploitation of these vulnerabilities could allow an attacker to perform a remote denial of service or to remotely execute arbitrary code against the ForceControl and pNetPower server applications,” said the DHS advisory. “This action can result in adverse application conditions and ultimately impact the production environment on which the SCADA system is used.”
“Impact to individual organisations depends on many factors that are unique to each organisation. ICS-CERT recommends that organisations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation,” it said.
It seems that the Americans opted to co-operate with their Chinese counterparts after the ICS-CERT “co-ordinated with the researcher, China National Vulnerability Database (CNVD), and Sunway to ensure full remediation of the reported vulnerabilities.”
Apparently Sunway has issued two patches that address both vulnerabilities.
The Sunway software is also used to control industrial systems in other countries as well.
And of course the potential vulnerability of industrial control systems was again highlighted by the Stuxnet worm, which infected Iran’s nuclear fuel programme last year.
This has led to warning that national infrastructures are ill-prepared to defend themselves against co-ordinated cyber attacks, and some have predicted that future wars could be fought in cyber space.
In February Foreign Secretary William Hague revealed that the UK government had been infected by the Zeus information-stealing Trojan in December. And defence secretary Liam Fox recently said that Britain is under constant attack from hackers, and last year 1,000 potentially serious offensives were blocked.
The European Union recently created its own taskforce to counter the growing threat of cyber attacks. Meanwhile The British government has also acknowledged it has begun work on offensive cyber-weapons to complement its existing defensive capabilities.
This follows the comments from Armed Forces Minister Nick Harvey last November, when he said that the UK must have the ability to launch its own attack against those carrying out cyberwarfare against this country and its infrastructure.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…