Charlotte Stonestreet
Managing Editor |
Home> | IIot & Smart Technology | >Cyber Security | >Is your ICS cyber secure? |
Is your ICS cyber secure?
19 October 2023
IN A somewhat concerning report, cyber risk management specialist Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) worldwide, potentially allowing an attacker to access and control physical infrastructure such as power grids, traffic light systems, security, water systems, and the like via the internet.
Critical infrastructure sectors heavily rely on ICS to control cyber-physical systems, leading to concerns that the exposed systems identified in the research could present significant risks.
If you are asking yourself whether cyberattacks on ICS really do happen - well, the answer is yes! For concrete evidence of the dangers just look at, for example, when last year hacking group Predatory Sparrow took recognition for an attack that resulted in a severe fire at an Iranian steel manufacturer. The incident caused equipment damage and forced factory workers to evacuate. A compromised machine even released molten steel and fire. Although Predatory Sparrow claims to be a group of hacktivists, the nature and sophistication of the attack led to speculation of nation-state involvement.
In Ukraine an energy supplier was targeted with Industroyer2 ICS malware, described as a new variant of Industroyer (CRASHOVERRIDE), which hackers used in 2016 in an attack aimed at an electrical substation in Ukraine.
In fact, Malware aimed specifically at industrial control systems pops up on a regular basis. Last year also saw the emergence of Incontroller/Pipedream, which is described as a modular ICS attack framework and a collection of custom-made tools, that could be used to target ICS and SCADA devices, including programmable logic controllers from Schneider Electric and Omron, and OPC UA servers.
As part of its study, to measure device exposure Bitsight identified exposed ICSs and mapped them to an inventory of global organisations. Bitsight's analysis reveals that thousands of organisations are using ICSs directly reachable from the public internet, presenting a series of potential consequences of which private and public sector leaders should be aware.
The study encompassed systems communicating via the most commonly used ICS protocols, including Modbus, KNX, BACnet, Niagara Fox and others.
The number of exposed – or internet-facing – industrial control systems was at nearly 100,000 as of June 2023, but the research did show a promising trend: From 2019 to June 2023, Bitsight observed a decline in the number of ICSs exposed to the public internet. This is a positive development, suggesting that organisations may be properly configuring, switching to other technologies, or removing previously exposed ICSs from the public internet.
Bitsight advises organisations to identify any ICSs deployed by the business and/or third-party business partners, and promptly assess the security of these systems; remove any industrial control systems from the public internet; and employ safeguards such firewalls to protect against unauthorised access to ICSs.
Read the full report at bit.ly/3S9Od45
Charlotte Stonestreet
Editor
- Protect your ICS from cyber-attacks
- Secure data handling
- Cyber security wake-up call
- Serial-to-Ethernet server
- How secure is your ERP system?
- Malware targets industrial safety systems
- Protects controllers from manipulation
- Cyber inventory solution
- Network rental scheme
- Security flaws found in power grid systems