Cybersecurity Insight

Nuclear Plants Communicate via Unencrypted Pagers

1 Nov

Researchers have recently discovered that highly secured sites – think nuclear power plants, defense contractors, and mechanical operators – utilize entirely unsecured communication methods in the way of unencrypted pagers. Remember pagers? These same devices that many thought went the way of fax machines and cord phones are actually used to send the following alerts at a number of highly secured sites:

  • Reduced pumping flow rate
  • Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
  • Fire accidents in an unrestricted area and in an administration building
  • Loss of redundancy
  • People requiring off-site medical attention
  • A control rod losing its position indication due to a data fault
  • Nuclear contamination without personal damage

Over the course of a four-month period, security firm Trend Micro found more than 54 Million messages from unencrypted pagers that fit into the following categories. One example is that an HVAC system sent an email-to-pager message regarding high levels of sewage water to a hospital, however others were in regards to unsafe conditions surrounding mission-critical infrastructure. On top of the alerts received, Trend Micro was able to disseminate the names and emails of all employees using unencrypted pagers, as well as what projects they were referencing.

Now, looking at the information a hacker could glean from intercepted pager messages, it doesn’t look like a lot on the surface. However, with a little extra leg work, the results would be far scarier than anyone could imagine. Someone could take advantage of a system malfunction and send an email disguised to look like one of there internal communications. A phishing scam could be concocted from the names and emails associated with the pager messages. These actions and others are easy possibilities for an attacker to take advantage of a system with catastrophic consequences.

To play devil’s advocate, many of these organizations have to rely on unencrypted pagers because they have operate within extremely low power requirements, and in areas where cellular frequency is non-existent. However, this doesn’t negate the slippery slope associated with using unsecured devices for what should be highly secured communications. As is the case in any industry, with organizations of any size, securing every part of your network – virtual, physical, and mobile – is beyond necessary; frankly, it is imperative. Utilizing an outside resource such as Neovera can equip your vital information with 24×7 managed and monitored security. Not only will your communications be completely secured, but you will have peace of mind knowing your organization as a whole is completely protected.