What to do about inherent security flaws in critical infrastructure?
2022-07-03 11:17

The latest threat security research into operational technology and industrial systems identified a bunch of issues - 56 to be exact - that criminals could use to launch cyberattacks against critical infrastructure.

"Industrial control systems have these inherent vulnerabilities," Ron Fabela, CTO of OT cybersecurity firm SynSaber, told The Register.

In research published last week, Forescout's Vedere Labs detailed 56 bugs in devices built by ten vendors and collectively named the security flaws OT:ICEFALL. As the report authors acknowledged, many of these holes are a result of OT products' being built with no basic security controls.

A few hours after Forescout published its research, CISA issued its own security warnings related to the OT:ICEFALL vulnerabilities.

Reid Wightman is a senior vulnerability researcher with OT security shop Dragos' threat intel team.

Forescout cited some of his research and dedicated a section of the ICEFALL analysis to security flaws with the ProConOS runtime in PLCs. In an email to The Register, Wightman noted that a lot of industrial controllers have the same set of problems that isn't going away: "They allow unauthenticated code to run on the PLC."


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/03/inherent_security_flaws_ics/