Security News > 2022 > July > What to do about inherent security flaws in critical infrastructure?
The latest threat security research into operational technology and industrial systems identified a bunch of issues - 56 to be exact - that criminals could use to launch cyberattacks against critical infrastructure.
"Industrial control systems have these inherent vulnerabilities," Ron Fabela, CTO of OT cybersecurity firm SynSaber told The Register.
In research published last week, Forescout's Vedere Labs detailed 56 bugs in devices built by ten vendors and collectively named the security flaws OT:ICEFALL. As the report authors acknowledged, many of these holes are a result of OT products' being built with no basic security controls.
A few hours after Forescout published its research, CISA issued its own security warnings related to the OT:ICEFALL vulnerabilities.
Reid Wightman is a senior vulnerability researcher with OT security shop Dragos' threat intel team.
Forescout cited some of his research, and dedicated a section of the ICEFALL analysis to security flaws with the ProConOS runtime in PLCs. In an email to The Register, Wightman noted that a lot of industrial controllers have the same set of problems that isn't going away: "They allow unauthenticated code to run on the PLC.".
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/03/inherent_security_flaws_ics/
Related news
- DHS establishes AI Safety and Security Board to protect critical infrastructure (source)
- U.S. Government Releases New AI Security Guidelines for Critical Infrastructure (source)
- Critical infrastructure security will stay poor until everyone pulls together (source)
- 73% of SME security pros missed or ignored critical alerts (source)
- 10 Critical Endpoint Security Tips You Should Know (source)
- America's enemies targeting US critical infrastructure should be 'wake-up call' (source)
- ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws (source)