October 7, 2016

Industrial Control Systems 2016 Report: Connected and Vulnerable

Industrial control systems (ICS) are part and parcel of everyday life, from smart homes to nuclear power stations. ICS bridge the gap between the digital world and the physical world by interpreting the commands that control turbines, switches, valves, and more. Because these systems are complex, critical to infrastructure, and often Internet-connected, they make a very tempting target for hackers.

The number of vulnerable ICS components grows every year. Nearly half of the vulnerabilities identified in 2015 are high-risk – and the majority of vulnerabilities were found in the products of the most well-known vendors. Widespread poor security practices, such as default passwords and dictionary-guessable passwords, make it easy for outsiders to access the systems and gain control.

These are the sobering conclusions of research by Positive Technologies, which analyzed data on ICS vulnerabilities from 2012 to 2015, as well as information on the Internet availability of ICS components in 2015. Below is a summary of the findings.