Kaspersky study reveals ICS vulnerabilities


A latest report on the Industrial Control Systems (ICS) from Kaspersky Lab revealed vulnerabilities because they are connected to internet.

The security service provider said large organizations likely have ICS components connected to the internet, opening chances for cyber attacks on critical infrastructure systems.

The study found that 17,042 ICS components on 13,698 different hosts exposed to the Internet, likely belong to large organizations.

The organisations surveyed include energy, transportation, aerospace, oil and gas, chemicals, automotive and manufacturing, food and service, governmental, financial and medical institutions.

Kaspersky suggests ICS should be run in a physically isolated environment to minimize the possibility of a cyber-attack.

The report shows that thousands of hosts are being exposed with 91.1 percent of these ICS hosts having vulnerabilities that can be exploited remotely.

“There is no 100 percent guarantee that a particular ICS installation won’t have at least one vulnerable component at any single moment in time,” said Andrey Suvorov, Head of Critical Infrastructure Protection, Kaspersky Lab.

“However, this doesn’t mean that there is no way to protect a factory, a power plant, or even a block in a smart city from cyber-attacks. Simple awareness of vulnerabilities in the components used inside a particular industrial facility is the basic requirement for security management of the facility.”