What is unusual is that RuggedCom’s equipment is often used as a digital fortress, protecting from hackers far more vulnerable systems that throw mechanical switches or close and open valves. Also surprising, experts say, is that the password needed to enter through this back door appears to be relatively easy to hack.

If hackers can get through the back door of RuggedCom’s routers and digital switches, the entire system that they are a part of becomes vulnerable. For example, Stuxnet, the world’s first publicly identified cyber super weapon, in 2009 wreaked havoc on Iran’s nuclear centrifuge refining system by exploiting a password hidden inside a Siemen’s operating system.

“It is a very serious threat,” says Robert Radvanovsky, a cybersecurity researcher and cofounder of Infracritical, a think tank focused on shoring up cyber weaknesses in critical infrastructure. “The big concern is that these devices are what connect to the control systems that run the substations where power gets routed.”