Enterprises leave vulnerable industrial control systems exposed online


Industrial control systems (ICS) are not supposed to be connected to the Internet, Kaspersky Lab says, because doing so opens a sea of opportunities for hackers. Such systems are run by energy, transportation, aerospace, oil and gas, chemicals, automotive and manufacturing, food and drink, governmental, financial and medical institutions, and should, for the sake of security, be run in a physically isolated environment.

However, Kaspersky Lab says that is not the case: it has found 13,698 ICS hosts exposed to the Internet that very likely belong to large organizations. More than nine in ten (91.1 percent) of these hosts have remotely exploitable vulnerabilities, and 3.3 percent contain "critical and remotely executable vulnerabilities".

"Our research shows that the larger the ICS infrastructure, the bigger the chance that it will have severe security holes. This is not the fault of a single software or hardware vendor. By its very nature, the ICS environment is a mix of different interconnected components, many of which are connected to the Internet and contain security issues", says Andrey Suvorov, head of Critical Infrastructure Protection, Kaspersky Lab.

"There is no 100 percent guarantee that a particular ICS installation won’t have at least one vulnerable component at any single moment in time. However, this doesn’t mean that there is no way to protect a factory, a power plant, or even a block in a smart city from cyber-attacks. Simple awareness of vulnerabilities in the components used inside a particular industrial facility is the basic requirement for security management of the facility. That was one of the goals behind our report: to bring awareness to interested audiences".

Kaspersky advises organizations operating ICS hosts to conduct security audits, request external intelligence, and provide protection both inside and outside the perimeter. Advanced methods of protection should also be evaluated.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Image Credit: Sergey Nivens / Shutterstock
