Daktronics Responds to ICS-CERT Vanguard(R) Default Credentials Alert


BROOKINGS, S.D., June 12, 2014 (GLOBE NEWSWIRE) -- Recently, a small number of North Carolina Department of Transportation Daktronics (Nasdaq:DAKT) Vanguard® dynamic message signs were compromised. As a result, on June 5, 2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the U.S. Department of Homeland Security, issued alert ICS-ALERT-14-155-01A referencing a hardcoded password in the Vanguard controller as the primary cause. The ICS-CERT later clarified the alert on Friday, June 6, 2014, stating the password is not hardcoded but is a default password that display owners should change upon installation. ICS-CERT also communicated mitigation recommendations (reprinted below) within the alert.   

While the recommendations provided by the ICS-CERT are commonly known as best practices for all display network owners, the alert itself is only applicable to transportation agencies using variable or dynamic message signs. United States transportation system device standards require manufacturers of variable or dynamic message signs to meet unique specifications that are not applicable to other Daktronics products and control systems.  We appreciate our customers' continued trust in Daktronics and look forward to discussing any questions or concerns they may have regarding their Daktronics display. 

ICS-ALERT-14-155-01A

MITIGATION

--------- Begin Update A Part 2 of 2 --------

ICS-CERT is currently coordinating with the Daktronics and the Federal Highway Administration to identify mitigations.

Daktronics and the Federal Highway Administration recommend the following:

  • Displays should not be on publicly accessible IP addresses.  Placing a display on a private network or VPN helps mitigate the lack of security,
  • Disable the telnet, webpage, and web LCD interfaces when not needed, and
  • Change the default password to a strong password as soon as possible on all installed devices.

--------- End Update A Part 2 of 2----------

ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities.  Specifically, users should:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. (ICS-CERT ALERT, http://ics-cert.us-cert.gov/alerts/ICS-ALERT-10-301-01)
  • Locate system networks and devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

ABOUT DAKTRONICS

Daktronics helps its customers impact audiences throughout the world with large-format LED video displays, message displays, scoreboards, digital billboards and control systems in sport, business and transportation applications. Founded in 1968 as a USA-based manufacturing company, Daktronics has grown into the world leader in audio-visual systems and implementation with offices around the globe. Discover more at www.daktronics.com.

SAFE HARBOR STATEMENT

Cautionary Notice: In addition to statements of historical fact, this news release contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 and is intended to enjoy the protection of that Act. These forward-looking statements reflect the Company's expectations or beliefs concerning future events. The Company cautions that these and similar statements involve risk and uncertainties which could cause actual results to differ materially from our expectations, including, but not limited to, changes in economic and market conditions, management of growth, timing and magnitude of future contracts, fluctuations in margins, the introduction of new products and technology, the impact of adverse weather conditions and other risks noted in the Company's SEC filings, including its Annual Report on Form 10-K for its 2013 fiscal year. Forward-looking statements are made in the context of information available as of the date stated. The Company undertakes no obligation to update or revise such statements to reflect new circumstances or unanticipated events as they occur.



            

Contact Data