Though increasingly serious cybersecurity threats loom, nearly two-thirds of U.S. industrial control system (ICS) vulnerabilities identified in 2017 could cause severe operational impact if exploited, cybersecurity firm Dragos Inc. warned in a series of reports published March 1.

The reports, which cover ICS vulnerabilities, ICS threats, and reactions to existing threats, draw a dire picture of the current state of ICS cybersecurity.

In one report, Reid Wightman, Dragos senior vulnerability analyst, notes that public disclosures issued in 2017 fail to adequately define the industrial impact of vulnerabilities. Most provided no alternative guidance beyond “patch” or recommendations to use secure networks, and the firm concluded that public reporting will need a “huge improvement.”

Another report, authored by Joe Slowik, a Dragos senior threat analyst, noted that 2017 was a defining year in ICS security. Last year alone, two major and unique disruptive attackers were revealed, five distinct activity groups targeting ICS networks were identified, and several large-scale IT infection events with ICS implications occurred.…

Read More »