Password Reuse - Control networks double the risk

Control system vendors continue to bury hidden "default" passwords in their system which can fall victim to malware or hackers, making them the perfect backdoor into a company's operations.

01/02/2011


Jason Holcomb at Digital Bond wrote a great article called “Everybody Knows Your Passwords” on the issues of default passwords. In it he talked about how some control system vendors continue to bury hidden “default” passwords in their system. As Stuxnet illustrated, these passwords can fall victim to malware or hackers, making them the perfect backdoor into a company’s operations.

This week, I will add two more issues to this whole password “Hash Up” (sorry for the bad pun) that is a danger to control system security.

Password Re-use

The first is the problem of password reuse in control systems. Password reuse is the habit we all have of using the same password on multiple systems. In the IT world it is causing considerable concern because people use the same password for signing up for a free software download site as they use for accessing their bank account.

http://www.isssource.com/password-reuse-%E2%80%93-control-networks-double-the-risk/



Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
Exploring fire pumps and systems; Lighting energy codes; Salary survey; Changes to NFPA 20
How to use IPD; 2017 Commissioning Giants; CFDs and harmonic mitigation; Eight steps to determine plumbing system requirements
2017 MEP Giants; Mergers and acquisitions report; ASHRAE 62.1; LEED v4 updates and tips; Understanding overcurrent protection
Power system design for high-performance buildings; mitigating arc flash hazards
Transformers; Electrical system design; Selecting and sizing transformers; Grounded and ungrounded system design, Paralleling generator systems
Commissioning electrical systems; Designing emergency and standby generator systems; VFDs in high-performance buildings
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me