Since last spring, U.S. Department of Homeland Security warnings to manufacturers and infrastructure owners about industrial control systems’ vulnerabilities to cyberattack have grown increasingly dire. In October, those warnings were recast as stark realities when DHS and the FBI issued a joint technical alert confirming ICS cyberattacks against manufacturers as well as energy, nuclear, and water utilities. The breaches are part of a long-term campaign targeting small and low-security networks as vectors for gaining access to larger, high-value networks in the energy sector.
Made especially visible by May’s worldwide WannaCry ransomware attacks, the security and cybersecurity of industrial control and automation systems have become a topic that can’t safely be ignored. Yet the 2017 annual Kaspersky Lab ICS survey of cybersecurity practitioners at industrial organizations found that while half experienced at least one IT security incident in the previous year, 31 percent said ICS cybersecurity is still a low priority for senior management. Kaspersky itself late last month said it would undertake third-party security reviews of its anti-virus software after the DHS moved to bar the use of Kaspersky products by government agencies and vendors. DHS announced the move after data was stolen from a National Security Agency contractor’s home computer, which was running a version of Kaspersky AV.
Source: EE Times