The threat from the cybervulnerability dubbed Heartbleed reaches well beyond Web businesses and social networks into the industrial systems that power the US economy, apparently including those used to operate the US power grid.
Unconfirmed reports that Heartbleed has already been used to attack encrypted communications systems of US industrial control systems are being investigated, the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) announced in an alert Friday.
“ICS-CERT is aware of reports of attempted exploitation and is in the process of confirming these reports,” read the alert. “ICS-CERT continues to monitor the situation closely and encourages entities to report any and all incidents regarding this vulnerability to DHS.”
At the same time, industrial firewall-maker Innominate Security Technologies AG of Berlin on Friday informed its customers in an e-mail that some of its firmware products used in industrial firewall systems were vulnerable to Heartbleed attacks.