Despite widespread awareness of the physical and data-related danger inherent in exposing critical infrastructure to cyberattack, the number of internet-accessible industrial control systems (ICS) is increasing every year.
According to a report from Positive Technologies, advanced industrial countries, such as the US, Germany, China, France and Canada, are home to the largest numbers of internet-accessible ICS components, which run factories, transport, power plants and other facilities. Of the 175,632 internet-accessible ICS components detected, approximately 42% were in the US, representing a 10% increase over the previous year (from 50,795 to 64,287).
This is a long stretch above second place, where Germany sits the second year in a row with 13,242 discovered. That’s up from 12,542 in 2016.
The PT research team also noted that more and more Internet-accessible ICS components are actually network devices, such as Lantronix and Moxa interface converters, which represented 12.86% of detected components in 2017, up from 5.06% in 2016. Although these converters are often regarded as relatively unimportant, they can be quite useful for hackers, the firm noted.
The most common software on internet-accessible ICS components is Niagara Framework components. Niagara connects and enables management control over systems like air conditioning, power supplies, telecommunications, alarms, lighting, security cameras and other important building systems. Software like this often contains vulnerabilities, and, beyond proof of concept, they’ve already been hacked in the wild, PT said.
And indeed, there is a growing number of vulnerabilities in ICS components. The number of vulnerabilities reported by major vendors in 2017 was 197, compared to only 115 in the prior year. Over half of these vulnerabilities were considered critical or high-risk in nature. A large share of the vulnerabilities disclosed in 2017 involved ICS network equipment such as switches, interface converters and gateways.
Most reported ICS vulnerabilities can be exploited remotely without hackers needing to somehow obtain privileges in order to access targeted systems.
In terms of the number of vulnerabilities publicly disclosed in 2017, the previous year's leader, Siemens, fell back to second. The 47 vulnerabilities disclosed in Schneider Electric ICS products are almost 10 times the amount from the year before (just 5). Moxa also showed a growing vulnerability count with 36 in 2017, compared to 18 in 2016.
“Despite numerous incidents, reports and large-scale regulatory efforts, it is alarming that, overall, industrial systems aren’t more secure than they were 10 years ago,” said Vladimir Nazarov, head of ICS Security at PT. “Today, anyone can go on the internet and find vulnerable building systems, data centers, electrical substations and manufacturing equipment. ICS attacks can mean much more than just blackouts or production delays − lives may be at stake. This is why it's so important that before even writing the first line of code, developers design-in the security mechanisms necessary to keep ICS components secure. And when these mechanisms eventually become outdated, they need to modernize them in a timely manner.”
To improve ICS security, basic measures that can be taken immediately by organizations include: (1) separating operational networks from the corporate LAN and external networks (such as the internet), (2) diligently installing security updates and (3) regularly auditing the security of ICS networks in order to identify potential attack vectors.