Industrial control system (ICS) cybersecurity has been a major concern for both the public and private sectors. Despite significant efforts to strengthen security measures, threat actors are still finding ways to exploit vulnerabilities in Internet of Things (IoT) and operational technology (OT) devices.
Recent research conducted by Nozomi Networks examined public IoT/OT cyber incidents over the past six months and revealed a surge in cyberattacks against ICS. Ransomware and DDoS attackers were among the various threat actors identified in these attacks. The manufacturing, water treatment, food and agriculture, and chemical sectors were noted to be the most frequent targets in early 2023.
Nozomi Networks recorded an average of 813 unique cyberattacks daily on its honeypots during the first half of this year. Additionally, the peak of these attacks occurred on May 1, with 1,342 attacks in a single day.
Further research conducted by SynSaber, obtained by Dark Reading, shed light on the underlying factors contributing to this increase in nefarious activity against ICS networks. While the overall number of reported ICS Common Vulnerabilities and Exposures (CVEs) in the first half of the year decreased by 1.6% compared to 2022, 34% of ICS CVEs reported in the same period lacked available patches or remediation, representing a 13% increase from the previous year.
Melissa Bischoping, an endpoint security researcher with Tanium, explained the reasons behind delayed patches for supervisory control and data acquisition (SCADA) systems and ICS. Bischoping highlighted that system stability and uptime are often prioritized by operations, and many patches require restarts, which could disrupt the production process. Consequently, operators may opt to postpone patches to avoid costly downtime.
The cost of upgrading ICS also serves as a deterrent to timely upgrades. Bischoping mentioned that interoperability and compatibility issues with other systems may hinder upgrades until expensive retrofitting or modernization of shared components can be carried out. Upgrades can come with a hefty price tag in the millions of dollars. However, delaying upgrades can lead to increased risks of system failures or exploitation.
Despite the challenges faced by ICS operators, John Gallagher, vice president with Viakoo Labs, highlighted that the research and data gathered on ICS cybersecurity demonstrate that efforts to protect these systems have yielded positive results. He noted that in the past, IoT/OT devices and their vulnerabilities were not a significant focus for the line-of-business organizations running them. However, asset discovery, threat assessment, and vulnerability remediation solutions specifically designed for IoT/OT systems have emerged, along with increased governmental and board-level attention to the threats posed by such systems.
The continuous occurrence of cyberattacks against unpatched IoT and OT devices underscores the importance of prioritizing ICS cybersecurity. Efforts to develop comprehensive solutions, including timely patches and system upgrades, are crucial in mitigating the risks and maintaining the stability and security of these critical systems.

