It has been reported that a wind turbine which is deployed across the energy sector worldwide has been hacked. Due to a software bug, an attacker can get the user name and password from the browser. This can allow admin rights to the whole system.
Why is this important?
Any vulnerability in IT systems allows attackers to access data unlawfully. It is also a good example of how easy it is to end up with a cyber risk on your hands in critical national infrastructure. The EU is planning a new Cyber Directive to strengthen the security obligations on “market operators” of “critical infrastructure”. While it is great to have a Digital Agenda for cyber risk in Europe, the real issue is trying to ensure that system vulnerabilities are avoided. We have done this for years in major IT systems. The same thinking needs to be applied to new Internet-enabled devices and objects. Then think about data leaks with wearable tech…!