Web Data Reveals ICS Vulnerabilities Increasing Over Time
By Christopher Ahlberg on September 9, 2015
Immediately Available: Download your free copy of this report now.
Industrial control systems (ICS) and SCADA systems are subject to cyber attack, just like any digitally connected system.
In the case of ICS and SCADA, however, the stakes are higher due to their connection, in turn, to water, power, and other critical infrastructure that allows society to function. Unlike a “regular” data breach, however, where the loss may include social security numbers, credit card information, or even health data — all of which are destructive in their own right — when critical infrastructure is breached, loss of life can occur.
Over the past few years, we’ve seen the potential for attacks on ICS grow. The number of publicly disclosed vulnerabilities and off-the-shelf-exploits targeting ICS has increased as well, meaning these systems are more at risk than ever before.
Because the potential devastation is so high, Recorded Future conducted a study to learn more about the risks.
We analyzed a few datasets, including the NIST Vulnerability database, alongside the Recorded Future Web intelligence holdings, which includes data from the deep, dark, and open Web. Our aim in this study was to understand the available and known capabilities for attacks on ICS.
What we found was a worrying trend of ICS exploits available and ready to be exploited.
ICS exploits growing over time, with 2015 likely growing to largest number so far.
Download a copy of the report to read the full study and learn how Recorded Future is taking information from the Web and turning it into actionable threat intelligence.
Update: Thank you to Chris Sistrunk from Mandiant for pointing to his earlier research on this subject.