Industrial Control Systems are among the most vulnerable

The vulnerability of Industrial Control Systems has been getting a lot of press in recent months. That's a good thing because most people don't spend much time thinking or worrying about such systems. Unfortunately, they are among the most vulnerable systems of all.

Industrial Control Systems haven't really changed all that much in the past decade or two. The protocols they use are fairly rudimentary by today's standards. It's no surprise that they are a fair bit more vulnerable than more modern and robust systems.

Researchers at Forescout Labs and JFrog Security recently underscored this fact by highlighting fourteen different security flaws found in the protocols commonly used by Industrial Control Systems.

They've dubbed the set of flaws "Infra:Halt". As that name suggests these exploits can bring broad swaths of the nation's infrastructure to a screeching halt. That is if hackers make use of the exploits, and most security experts agree is just a matter of time.

 

Forescout had this to say about the risks

Forescout wrote extensively about each of the fourteen exploits on a recent blog post.

"When you're dealing with operational technology, crashing devices and crashing systems is something that can have various serious consequences. There are also remote code execution possibilities in these vulnerabilities, which would allow the attacker to take control of a device, and not just crash it but make it behave in a way that it's not intended to or use it to pivot within the network."

This is a serious threat indeed. Fortunately patches that address many of the vulnerabilities are currently available.

 

My perspective

If your business is in any way connected to the sale or maintenance of Industrial Control Systems, the researchers urge immediate upgrades. Upgrades will patch the currently known vulnerabilities in order to minimize risk.

 

At times you feel that The Borg are saying: "Resistance is futile"

 

By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak for free to your association