Weekend Must-Read: ICSs May Not Be Safe from Heartbleed after All

Just how vulnerable industrial systems are is still unclear. 

Industrial firewall-maker Innominate Security Technologies AG of Berlin on Friday informed its customers in an e-mail that some of its firmware products used in industrial firewall systems were vulnerable to Heartbleed attacks. Innominate’s industrial firmware is used by several US industrial cybersecurity companies, but it may not be too widespread, some cybersecurity experts said. A snapshot of potentially affected Innominate-related equipment, taken with the SHODAN search engine, which indexes industrial control systems, revealed that 1,500 or so systems worldwide are affected, just over 200 of them in the US.

Ralph Langner of Stuxnet fame says, “The impact of the Heartbleed vulnerability on the cyber security of critical infrastructure (where it involves industrial control systems) is minimal.”

But don't relax, says Robert Radvanovsky, a cybersecurity researcher and co-founder of Infracritical, a think tank focused on shoring up cyberweaknesses in critical infrastructure. “It’s still very unclear just what type of systems are vulnerable to Heartbleed, and there will be many other systems not listed by SHODAN,” he says. “Right now the numbers look small, but it would be a mistake to take it easy.”

The complete story is here.