This is especially worrying in light of the fact that the number of ICS components left exposed to the public internet is increasing every year, and that these components typically run factories, transport networks, power plants and other facilities.
The researchers found that the number of IP addresses for ICS components in the US rose nearly 10% in the past year to 64,287. The US, along with Germany, China, France and Canada, has the largest number of internet-accessible ICS components.
Of the 175,632 internet-accessible ICS components detected, approximately 42% were in the US, followed by Germany with 13,242, France (7,759), Canada (7,371), Italy (5,858) and China (4,285).
The UK ranked 7th in 2017 with 4,240 internet-accessible ICS components detected, which is worse than countries like Spain, the Netherlands, Australia, Belgium, South Korea, Norway and Sweden.
The research also noted that a growing number of internet-accessible ICS components are actually network devices, such as Lantronix and Moxa interface converters, which represented nearly 13% of detected components in 2017, up from 5.06% in 2016. Although these converters are often regarded as relatively unimportant, they can be quite useful for hackers, the researchers said, as has been seen in a number of high-profile attacks.
The most common software on internet-accessible ICS components is the Niagara Framework, whose components connect and enable management control over systems like air conditioning, power supplies, telecommunications, alarms, lighting, security cameras and other important building systems.
Another key finding of the report is the growing number of vulnerabilities in ICS components being reported by major suppliers, with this number up 71% from 2017 to 197. Over half of these vulnerabilities were of critical or high risk in nature, the report said.
A large share of the vulnerabilities disclosed in 2017 involved ICS network equipment such as switches, interface converters, and gateways. This is especially worrisome, the report said, because network equipment is increasingly internet-connected and most reported ICS vulnerabilities can be exploited remotely without attackers needing to obtain privileges to access targeted systems.
In terms of the number of vulnerabilities publicly disclosed in 2017, the previous year's leader, Siemens, fell back to second place. The 47 vulnerabilities disclosed in Schneider Electric ICS products are almost 10 times as many as the number from the year before, while Moxa showed a growing vulnerability count with 36 in 2017 compared with 18 in 2016.
“Despite numerous incidents, reports, and large-scale regulatory efforts, it is alarming that, overall, industrial systems are not more secure than they were ten years ago,” said Vladimir Nazarov, head of ICS security at Positive Technologies.
“Today, anyone can go on the internet and find vulnerable building systems, datacentres, electrical substations, and manufacturing equipment,” he said.
Lives at stake
According to Nazarov, ICS attacks can mean far more than just blackouts or production delays. “Lives may be at stake, and this is why it’s so important that before even writing the first line of code, developers design-in the security mechanisms necessary to keep ICS components secure. And, when these mechanisms eventually become outdated, they need to modernise them in a timely manner.”
The report said basic measures that can be taken immediately by organisations include:
- Separating operational networks from the corporate and external networks such as the internet
- Diligently installing security updates
- Regularly auditing the security of ICS networks to identify potential attack vectors