Recently, a small number of
Vanguard® dynamic message signs were compromised. As a result, on
a division of the
ICS-ALERT-14-155-01A referencing a hardcoded password in the Vanguard
controller as the primary cause. The ICS-CERT later clarified the alert on
password that display owners should change upon installation. ICS-CERT also
communicated mitigation recommendations (reprinted below) within the alert.
While the recommendations provided by the ICS-CERT are commonly known as best
practices for all display network owners, the alert itself is only applicable
to transportation agencies using variable or dynamic message signs. United
States transportation system device standards require manufacturers of
variable or dynamic message signs to meet unique specifications that are not
applicable to other
our customers' continued trust in
any questions or concerns they may have regarding their
--------- Begin Update A Part 2 of 2 --------
ICS-CERT is currently coordinating with the
* Displays should not be on publicly accessible IP addresses. Placing a
display on a private network or VPN helps mitigate the lack of security,
* Disable the telnet, webpage, and web LCD interfaces when not needed, and
* Change the default password to a strong password as soon as possible on
all installed devices.
--------- End Update A Part 2 of 2 --------
ICS-CERT recommends that users take defensive measures to minimize the risk
of exploitation of these vulnerabilities. Specifically, users should:
* Minimize network exposure for all control system devices and/or systems,
and ensure that they are not accessible from the Internet. (ICS-CERT
* Locate system networks and devices behind firewalls, and isolate them from
the business network.
* When remote access is required, use secure methods, such as Virtual
Private Networks (VPNs), recognizing that VPNs may have vulnerabilities
and should be updated to the most current version available. Also
recognize that VPN is only as secure as the connected devices.
© 2014 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.