Horror stories show need to scrutinize industrial control systems

Industrial control systems are increasingly being connected to the Internet, which means they’re vulnerable to the same kinds of misconfiguration and software vulnerability problems as devices on IT networks. It’s particularly worrisome if the operational network can link to the IT networks.

How big a problem? SecurityWeek.com recently interviewed several vendors who sell solutions designed for protecting ICS systems and discovered a number of horror stories on customer networks, like these:

–A network administrator at a company temporarily connected a router with known vulnerabilities to the Internet for maintenance purposes. The main firewall was configured to limit the access from the Internet to a specific PC as a precaution. However, the network connectivity of the router to a SCADA (supervisory control and data acquisition) switch wasn’t right, leaving it — and the entire ICS network — open to attack;

–All of a manufacturing plant’s ICS devices were from a tier-1 provider, except for one PLC (programmable logic controller) which was from an obscure supplier. One customer asked the manufacturer to use that specific PLC to produce their products so their engineers could connect remotely and modify its configurations. It’s nice to be attentive to a customer. However, a regulator discovered the device also could have been hacked;

–A vendor doing a cybersecurity assessment of a food and beverage facility in Europe discovered that not only could the plant’s office network be accessed from its ICS (and vice versa), so were the networks of dozens of other facilities in other parts of the world, including some that had been sold to a competitor and no longer belonged to that company. “The most surprising finding was that the ICS network was also accessible from a terminal in the plant’s canteen, which was located outside the plant’s perimeter and offered breakfast and lunch to outside visitors.”

Some of these problems are due to misconfigurations, and some are due to network complexity after acquisitions. Whatever the cause they are perfect examples of why industrial control systems and the networks they are attached to have to be carefully scrutinized.

Read the full story here.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now