Useless default security settings found to risk US power grid more than #Sandy – from Nextgov.com

In Just released IG inspections, obsolete and negligently managed computer security settings were found to leave US power grids wide open to hijacking.

Russ Imrie October 29, 2012

As I contemplate the soggy leading edge of Hurricane Sandy from my Arlington office, the big concern of neighbors and friends is the loss of electrical power for communication and for comfort. We all run on the electrical grid (disclaimer: I DID live off the grid using solar for 9 years so this is a reality post, not a booster piece :) and while Hurricane Sandy storm damage promises power outages across a swath of the Eastern US, a much larger threat looms across the nation.

Probes designed to test the penetrability of computerized controls for the power grid have found obsolete operating systems and incredible negligence in password management. Like. No. Password. Needed. Systems have been left to the installation default password of “password” or “administrator.”

Former employees still have access to critical computers long after they are no longer working on them. It boggles the mind to think of the viruses, trojans, key board catchers, usb ports, and unchanged passwords leaving gaping holes in our national security. My 19-year-old gamester son implements better practices while staying connected to far-flung opponents and hoards of Facebook friends.!

“The government’s largest renewable power transmission agency used a default password to protect its electricity scheduling database and regularly failed to update security software, an Energy Department inspector general found.The Western Area Power Administration markets and delivers hydroelectric energy to utilities serving millions of homes and businesses in the Rocky Mountain, Sierra Nevada, Great Plains and Southwest regions. The agency depends on information technology systems to manage its massive electrical power complex and finances, according to federal officials.”

via Largest U.S. energy marketing agency used outdated security patches – Nextgov.com.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s