Assessment of information security vulnerabilities in common seismological equipment
Assessment of information security vulnerabilities in common seismological equipment
Seismological Research Letters (February 2021) 92 (2A): 933-940
Modern seismic and Global Navigation Satellite Systems stations are nowadays equipped with Internet of Things devices that acquire, process, and transmit various geophysical parameters in near-real time. This technological advance has introduced a new threat paradigm for common seismological devices. Such threats can be assessed with standard information security methods and practices. This article aims to identify security weaknesses, describe weak security points and potential attacks on such environments, and anticipate the countermeasures needed. Real tests and attacks have been applied to demonstrate the lack of data encryption and user authentication processes, the risks posed by unencrypted communication protocols, unsafe practices regarding settings and passwords, and poor design implementations. All these factors may impact and possibly disrupt the daily operation of seismic observatories because they can lead to falsifying data, altering configurations, or producing malicious false alarms. These in turn may cause unnecessary public concern or distrust, financial losses, or even national security issues. For all these reasons, several countermeasures and solutions are also proposed and evaluated to address each of the identified vulnerabilities.