Industrial control systems are essential to the smooth operation of various national critical infrastructure. While once segmented from the web, these systems are now becoming increasingly more networked and remotely accessible as organizations transform to meet the digital age. This development potentially exposes industrial control systems to digital threats.
One of the most serious threats confronting industrial control systems today is the Internet of Things (IoT). Organizations and users are becoming more and more dependent on Internet-connected devices, so much so that there’s not enough time to secure them. Such hype has enabled the creation of threats like VPNFilter, a type of botnet which targets routers, network access storage (NAS) devices and other IoT products. In May 2018, researchers observed that VPNFilter had infected half a million IoT products in what Ukrainian officials believed were Russia’s preparations for a digital attack. Less than two months later, Ukrainian law enforcement thwarted an attempted VPNFiler attack by Russian agents against a chlorine station.
The IoT threat facing industrial control systems is expected to get worse. In late 2016, Gartner estimated that there would be 8.4 billion connected things worldwide in 2017. The global research company said there could be approximately 20.5 billion web-enabled devices by 2020. An increase of this magnitude would give attackers plenty of new opportunities to leverage vulnerable IoT devices against industrial control systems.
Concern over flawed IoT devices is justified. Attackers can misuse those assets to target industrial environments, disrupt critical infrastructure and jeopardize public safety. Those threats notwithstanding, many professionals don’t feel that the digital threats confronting industrial control systems are significant. Others are overconfident in their abilities to spot a threat. For instance, Tripwire found in its 2016 Breach Detection Study that 60 percent of energy professionals were unsure how long it would take (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/disruption-the-true-cost-of-an-industrial-cyber-security-incident/