As if there weren’t already enough to worry about with the Heartbleed vulnerability disclosed earlier this month, you can now add this to the list: Many of the world’s computers used to control and manage heavy industrial equipment, electric grids, water distribution and other industrial control systems may be vulnerable, too.
The good news is that many of the manufacturers of these systems are issuing patches to plug the hole. The bad news is that there are so many of these systems in place it’s going to be tricky to find them all.
They’re known as SCADA systems (it stands for supervisory control and data acquisition), and they’re basically computers that sit on top of pretty much any kind of industrial equipment you can imagine, from machinery in factories to pumps and generators at energy utilities to nearly every kind of public infrastructure.
And since many of them have been hooked up to the Internet so that they can be managed remotely, many of them have built-in Web interfaces just like your typical home router. Often those Web interfaces have had a layer of encryption added to them to protect them from, well, hacking. And in a lot of cases that encryption has been OpenSSL, the open source security software. The Heartbleed bug is found in one particular version of OpenSSL, one that was widely adopted around the world for nearly two years before the bug was discovered.