Industrial Control Systems (ICS) the security landscape

To minimize the possibility of a digital attack, Industrial Control Systems (ICS) are supposed to "run" in a physically isolated environment. However, this is not always the case. In their report on the landscape of the threats faced by ICS, Kaspersky Lab experts have revealed 13.698 ICS servers exposed on the Internet and they seem likely to belong to large organizations. ICS drops

These organizations are in areas such as energy, transport, aerospace, oil and gas, chemicals, automotive, manufacturing, food and beverages, government agencies, financial institutions, health organizations. The 91,1% of these ICS hosts have vulnerabilities that can be exploited remotely.

But the worst is not: The 3,3% of the ICS hosts in these organizations contain critical and remote executable vulnerabilities.

Exposing ICS data on the Internet provides many opportunities, but also many security concerns. On the one hand, connected systems are more flexible in terms of rapid reaction to critical situations and the implementation of updated versions. On the other hand, the expansion of the Internet gives digital criminals the opportunity to remotely control the most important of the ICS, which may lead to physical damage to the equipment, as well as potential risk to the entire critical infrastructure.

Sophisticated attacks on ICS are not new. 2015, an organized hacker group named BlackEnergy APT attacked an electricity company in Ukraine. In the same year, two more incidents, supposedly related to digital attacks, were reported in Europe: a steel workshop in Germany and the airport Frederic Chopin in Warsaw.

More attacks of this kind will arise in the future, as the field of attack is large. These 13.698 hosts, located in 104 countries, are only a small part of the total number of ICS-enabled hosts available over the Internet.

To help organizations working with ICS systems to identify potential weak points, Kaspersky Lab experts conducted an investigation into ICS threats. Their analysis was based on OSINT (Open Source Intelligence) and information from public sources, such as ICS CERT, with the research period being limited to 2015.

The main findings of the exhibition "The Landscape of Threats in Industrial Control Systems" are:

  • Overall, 188.019 hosts have been detected with ICS data available over the Internet in 170 countries.
  • Most of the remotely available ICS-based servers are located in the United States. (30,5% - 57.417) and in Europe. In Europe, Germany is the leader (13,9% - 26.142 servers), followed by Spain (5,9% - 11.264 servers) and France (5,6% - 10.578 servers).
  • The 92% (172.982) of the remote ICS servers available have vulnerabilities. 87% of these hosts contain medium-risk vulnerabilities, and 7% of these contain critical vulnerabilities.
  • The number of vulnerabilities in ICS data has increased tenfold over the past five years: from 19 vulnerabilities 2010 to 189 2015. The most vulnerable ICS elements were Human Machine Interface Systems (HMI), Electrical Devices and SCADA systems.
  • 91,6% (172.338 Different Servers) of all external available ICS devices uses weak Internet protocols, which gives attackers the ability to run man-in-the-middle attacks.

"Our research shows that the greater the ICS infrastructure, the greater the chance it will have serious" holes "in the security segment. This is not the fault of the software or its vendor hardware. By its nature, the ICS environment is a mix of different but interrelated components, many of which are connected to the Internet and contain security issues. There is no 100% guarantee that your particular ICS installation will not exhibit at least one vulnerability at some point in time. However, this does not mean that there is no way to protect a factory, a unit, from digital attacks or even a block in a "smart" city.

Simple briefing on the vulnerabilities of data used in a particular industrial facility is the basic prerequisite for managing plant safety. This was one of the reasons that led us to develop our report: To help raise awareness among all concerned about the issue, said Andrey Suvorov, Head of Critical Protection by Kaspersky Lab.

To protect the ICS environment from possible digital attacks, Kaspersky Lab's security experts recommend the following:

  • Perform a security check: the call for industrial safety experts is perhaps the quickest way to identify and eliminate the security gaps described in the report.
  • Request external expertise: Today, the security of IT infrastructures is based on the knowledge of potential attackers. Access to trusted vendor information helps organizations anticipate future attacks on the company's industrial infrastructure.
  • Provide protection inside and outside the perimeter: Mistakes happen. A proper security strategy must allocate significant resources to detect and respond to attacks, as well as prevent an attack before it reaches critical and important .
  • Evaluate advanced protection methods: A default Deny scenario for SCADA systems, regular integrity checks for auditors, and specialized network monitoring can help increase overall company security and reduce the chances of a successful violation, even if some inherently vulnerable nodes can not be patched or removed.

The full report on "Landscape of Threats in Industrial Control Systems" is available on the website Securelist.com.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

20102015hardwaretransportation

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).