The Federal Bureau of Prisons is concerned about the possibility of hackers remotely opening cell doors to aid mass jailbreaks across the country.
”[We] are aware of this… and taking it very seriously,” Federal Bureau of Prisons spokesperson Chris Burke told The Washington Times.
Burke was responding to a recent report about the potential vulnerabilities of industrial control systems (ICS) deployed in the majority of American prisons.
Indeed, ICS platforms are becoming a favorite target for hackers, as the software also regulates power plants, water treatment facilities and other critical infrastructure.
“You could open every cell door, and the system would be telling the control room they are all closed,” said John J. Strauchs, a former CIA operations officer.
According to Strauchs, cyber infiltrators could effectively destroy prison doors by overloading related electrical systems and locking them permanently open.
Similarly, digital attackers could also “shut down secure communications” via a prison intercom system and crash the facility’s closed-circuit television system – blanking out all monitors.
“The mostly likely vector [entry point] would be to bribe a prison guard to insert a USB drive with malicious programming. [This is] hard to stop and [difficult] to find out who did it,” said Strauchs.
“Personally, I think the greatest danger is assassination… You create chaos as a way to [implement a plan to] kill someone.”
Sean P. McGurk, a former DHS official, confirmed that his department had analyzed the ICS vulnerability using a special computer test bed at the Idaho National Laboratory.
“We validated the researchers’ initial assertion… They could remotely reprogram and manipulate the ICS controllers.”
However, Teague Newman, another DHS official, emphasized that ICS platforms were not supposed to be connected to the Internet, external networks or non-secure devices.
“[Yet], in our experience, there were often connections to other networks or devices, which were in turn connected to the Internet, making them potentially accessible to hackers,” he added.