Horror stories show need to scrutinize industrial control systems

Howard Solomon
Published: January 3rd, 2019

Industrial control systems are increasingly being connected to the Internet, which means they’re vulnerable to the same kinds of misconfiguration and software vulnerability problems as devices on IT networks. It’s particularly worrisome if the operational network can link to the IT networks.

How big a problem? SecurityWeek.com recently interviewed several vendors who sell solutions designed for protecting ICS systems and discovered a number of horror stories on customer networks, like these:

–A network administrator at a company temporarily connected a router with known vulnerabilities to the Internet for maintenance purposes. The main firewall was configured to limit the access from the Internet to a specific PC as a precaution. However, the network connectivity of the router to a SCADA (supervisory control and data acquisition) switch wasn’t right, leaving it — and the entire ICS network — open to attack;

–All of a manufacturing plant’s ICS devices were from a tier-1 provider, except for one PLC (programmable logic controller) which was from an obscure supplier. One customer asked the manufacturer to use that specific PLC to produce their products so their engineers could connect remotely and modify its configurations. It’s nice to be attentive to a customer. However, a regulator discovered the device also could have been hacked;

–A vendor doing a cybersecurity assessment of a food and beverage facility in Europe discovered that not only could the plant’s office network be accessed from its ICS (and vice versa), so could the networks of dozens of other facilities in other parts of the world, including some that had been sold to a competitor and no longer belonged to that company. “The most surprising finding was that the ICS network was also accessible from a terminal in the plant’s canteen, which was located outside the plant’s perimeter and offered breakfast and lunch to outside visitors.”

Some of these problems are due to misconfigurations, and some are due to network complexity after acquisitions. Whatever the cause, they are perfect examples of why industrial control systems and the networks they are attached to have to be carefully scrutinized.