Password Reuse - Control networks double the risk

Control system vendors continue to bury hidden "default" passwords in their system which can fall victim to malware or hackers, making them the perfect backdoor into a company's operations.

01/02/2011


Jason Holcomb at Digital Bond wrote a great article called “Everybody Knows Your Passwords” on the issues of default passwords. In it he talked about how some control system vendors continue to bury hidden “default” passwords in their system. As Stuxnet illustrated, these passwords can fall victim to malware or hackers, making them the perfect backdoor into a company’s operations.

This week, I will add two more issues to this whole password “Hash Up” (sorry for the bad pun) that is a danger to control system security.

Password Re-use

The first is the problem of password reuse in control systems. Password reuse is the habit we all have of using the same password on multiple systems. In the IT world it is causing considerable concern because people use the same password for signing up for a free software download site as they use for accessing their bank account.

http://www.isssource.com/password-reuse-%E2%80%93-control-networks-double-the-risk/



No comments
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
2014 Product of the Year finalists: Vote now; Boiler systems; Indirect cooling; Integrating lighting, HVAC
High-performance buildings; Building envelope and integration; Electrical, HVAC system integration; Smoke control systems; Using BAS for M&V
Pressure piping systems: Designing with ASME; Lab ventilation; Lighting controls; Reduce energy use with VFDs
Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Consulting-Specifying Engineer case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.

Protecting standby generators for mission critical facilities; Selecting energy-efficient transformers; Integrating power monitoring systems; Mitigating harmonics in electrical systems
Commissioning electrical systems in mission critical facilities; Anticipating the Smart Grid; Mitigating arc flash hazards in medium-voltage switchgear; Comparing generator sizing software
Integrating BAS, electrical systems; Electrical system flexibility; Hospital electrical distribution; Electrical system grounding
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.