Page 36 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
New Data Affirms Cyber Threat for Industrial Control Systems
Recent CyberX report finds that plain-text passwords, direct internet connections and weak anti-virus protections
place industrial control systems at risk for cyberattacks
by Phil Neray, VP of Industrial Cybersecurity, CyberX
“Press Here to Kill Everybody,” the provocative title of Bruce Schneier’s new book, gets right to the heart
of the risks involved in industrial cybersecurity. Destructive malware such as WannaCry and NotPetya, as
well as targeted attacks such as TRITON and Industroyer, have shown the potential impact of cyberattacks
on our industrial control systems (ICS). The costly production outages and clean-up costs alone put
companies at great risk, but even those are overshadowed by the potential impact of catastrophic safety
and environmental incidents.
Though positive steps have lately been taken to secure our ICSs, new data from CyberX, the IIoT and ICS
security company, finds that these systems are still soft targets for adversaries. The data behind our 2019
“Global ICS & IIoT Risk Report,” released on October 23, shows that major security gaps remain in key
areas such as plain-text passwords, direct connections to the internet and weak anti-virus protection.
We also found the prevalence of Windows XP and other legacy Windows systems has decreased
year-over-year — driven top-down by management in the aftermath of NotPetya’s financial damage — but we’re
still finding unpatchable Windows systems in 53 percent of all industrial sites.
Unlike questionnaire-based surveys, our report analyzes real-world traffic from production ICS networks,
making it a more accurate representation of the current state of ICS security. The report is based on data
collected over the past 12 months from more than 850 production ICS networks, across six continents and
all industrial sectors including energy and utilities, manufacturing, pharmaceuticals, chemicals, and oil and
gas.