The US government has launched an investigation after a security expert claimed that a flaw in Siemens networking equipment could open the door for hackers to attack power plants.
The BBC reports that a security expert said he had found a backdoor in hardware from a Siemens subsidiary, RuggedCom, that is widely used by power companies.
The Department of Homeland Security said it was in contact with the firm to assess the claim, after security researcher Justin W Clarke made the alleged flaw public at an L.A. conference.
He told delegates that the firm used a single software “key” to decode traffic that it encrypted across its network, and that he had found a way to extract the key.
He added that if hackers could spy on the communications of infrastructure operators, they might be able to gain credentials to access systems used to operate power stations and other infrastructure.
Homeland Security said that it had “notified the affected vendor of the report” and had asked it “to confirm the vulnerability and identify mitigations”.
Although there have been no publicly reported cases of damage caused by cyber-attacks on US critical infrastructure, the issue is a growing problem.
Earlier this month security firms reported another type of malware – dubbed Shamoon – had struck “at least one organisation” in the energy sector.