Industrial control systems increasingly vulnerable to internet access
The risks to industrial control systems (ICS) components posed by internet accessibility is growing every year, a new report has revealed.
In its ICS Security: 2017 in Review study, Positive Technologies found the number of systems that can be accessed by advanced computer users via search engines is soaring, with 175,632 ICS components found to be internet accessible in 2017.
Should such systems be compromised, it could lead to disruption to the workings of factories, transport systems, power plants and other important facilities, the report noted. As such, it means they are a potential weak spot for advanced economies and societies that may be targeted by cyber warfare.
Among the countries most at risk are the US, Germany, France, China and Canada. 42 per cent of the 175,000 ICS components that could be accessed online were in the US. This tally of 64,287 was up from 50,795. In Germany, the second most at-risk country, the total had risen from 12,542 to 13,242.
The proportion of internet-accessible ICS components that were network devices also rose, up from 5.06 per cent in 2016 to 12.86 per cent. This includes devices like Lantronix and Moxa interface converters.
To compound the situation, the number of vulnerabilities found in ICS components has also risen, up from 115 in 2016 to 197. Half of these were in the high risk or critical categories.
Commenting on the findings, head of ICS Security at Positive Technologies Vladimir Nazarov said: “Despite numerous incidents, reports, and large-scale regulatory efforts, it is alarming that, overall, industrial systems aren’t more secure than they were ten years ago. Today, anyone can go on the internet and find vulnerable building systems, data centers, electrical substations, and manufacturing equipment.
"ICS attacks can mean much more than just blackouts or production delays – lives may be at stake."
He added that this means designer should build security systems into devices before they even begin "writing the first line of code".
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.