Report shows the number of Internet-accessible Industrial Control Systems is increasing every year
- Published: Monday, 05 February 2018 08:30
The number of industrial control system (ICS) components - which run factories, transport, power plants and other facilities – left open to Internet access, is increasing every year. ‘ICS security: 2017 in review,’ a new report from Positive Technologies, analyses findings on ICS threats created by online accessibility and software vulnerabilities.
Advanced industrial countries, such as the US, Germany, China, France, and Canada, were home to the largest numbers of Internet-accessible ICS components. Of the 175,632 Internet-accessible ICS components detected, approximately 42 percent were in the US, representing a 10 percent increase over the previous year (from 50,795 to 64,287). This is a long stretch above second place, where Germany sits the second year in a row with 13,242 discovered.
The Positive Technologies research team also noted that more and more Internet-accessible ICS components are actually network devices, such as Lantronix and Moxa interface converters, which represented 12.86 percent of detected components in 2017, up from 5.06 percent in 2016. Although these converters are often regarded as relatively unimportant, they can be quite useful for hackers, as has been seen in a number of high-profile attacks.
The most common software on Internet-accessible ICS components is Niagara Framework components. Niagara connects and enables management control over systems like air conditioning, power supplies, telecommunications, alarms, lighting, security cameras, and other important building systems.
Another key finding is the growing number of vulnerabilities in ICS components. The number of vulnerabilities reported by major vendors in 2017 was 197, compared to only 115 in the prior year. Over half of these vulnerabilities were of critical or high risk in nature. A large share of the vulnerabilities disclosed in 2017 involved ICS network equipment such as switches, interface converters, and gateways. This is especially worrisome because network equipment is increasingly Internet-connected. Further, most reported ICS vulnerabilities can be exploited remotely without hackers needing to somehow obtain privileges in order to access targeted systems.
In terms of the number of vulnerabilities publicly disclosed in 2017, the previous year's leader, Siemens, fell back to second. The 47 vulnerabilities disclosed in Schneider Electric ICS products are almost ten times as many as the number from the year before. Moxa also showed a growing vulnerability count with 36 in 2017 compared to 18 in 2016.
The report offers guidelines for improving ICS security. Basic measures that can be taken immediately by organizations include: (1) separating operational networks from the corporate LAN and external networks (such as the Internet); (2) diligently installing security updates, and (3) regularly auditing the security of ICS networks in order to identify potential attack vectors.