EE Times (09/24/15) Quinnell, Rich
Recent reports show that industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems are increasingly at risk from cyber-attacks, posing a threat to critical infrastructure and industry. A recent report from Recorded Future shows that the number of ICS security vulnerabilities has grown steadily since they came to most people’s attention in the wake of Stuxnet in 2011. The increase in the number of known vulnerabilities has also accompanied an increase in the number of exploits targeting those vulnerabilities. In its 2015 Threat Report, Dell Security reports that the number reported attacks on SCADA systems more than quadrupled last year, growing from 163,228 in 2013 to 675,186 in 2014. The true numbers are likely much higher, as many attacks on SCADA systems undoubtedly go unreported. However, few of the attacks on ICS and SCADA systems have been truly damaging, which Recorded Future CEO Christopher Ahlberg says has contributed to a lassitude among both industry and vendors. Ahlberg suspects that a lot of groundwork is being done by hackers to infiltrate and subvert ICS and SCADA systems and that major attacks could be just over the horizon. He is particularly worried about ransomware attacks on such systems. He suggests that infrastructure and industry develop means of quickly and easily detecting and patching vulnerabilities in ICS and SCADA systems, and cultivate relationships with security researchers.
Information provided by Don Ronsberg, Protective Security Advisor, North Dakota District, Infrastructure Protection, U.S. Department of Homeland Security