Six Weaknesses In Industrial Systems: FireEye
Industrial enterprises including electric utilities, petroleum companies, and manufacturing organizations invest heavily in industrial control systems (ICS) to efficiently, reliably, and safely operate industrial processes. Without the technology operating the plant floor, their business doesn’t exist.
Board members, executives, and security officers are often unaware that the technology operating the economic engine of their enterprise invites undetected subversion. Security company FireEye in a recent report, explains the six key weaknesses that adversaries can use to undermine industrial operations.
“Industrial plants have quickly become much more reliant on connected systems and sensors for their operations, yet the cyber security of most plants is not nearly as strong as it needs to be. As industrial initiatives such as Make in India progress, a clear understanding of the common weaknesses in plant environments will help corporate boards, executives and security officers engage in knowledgeable conversation about security, ask discerning questions, and make sound investments,” said Bryce Boland, Chief Technology Officer for APAC, FireEye.
Here are the six key weaknesses mentioned by the security vendor.
- Unauthenticated protocols: When an ICS protocol lacks authentication, any computer on the network can send commands that alter the physical process. This may lead to incorrect process operation, which damages goods, destroys plant equipment, harms personnel, or degrades the environment.
- Outdated hardware: ICS hardware can be operational for decades. This hardware may operate too simplistically or lack the processing power and memory to handle the threat environment presented by modern network technology.
- Weak user authentication: User authentication weaknesses in legacy control systems often include hard-coded passwords, easily cracked passwords, passwords stored in easily recoverable formats, and passwords sent in clear text. An attacker who obtains these passwords can often interact with the controlled process at will.
- Weak file integrity checks: Lack of software signing allows attackers to mislead users into installing software that did not originate from the vendor. It also allows attackers to replace legitimate files with malicious ones.
- Vulnerable Windows operating systems: Industrial systems often run unpatched Microsoft Windows operating systems, leaving them exposed to known vulnerabilities.
- Undocumented third-party relationships: Many ICS vendors may not immediately know the third-party components they use, making it difficult for them to inform their customers of the vulnerabilities. Adversaries who understand these dependencies can target software the industrial firm may not even know it has.
- Indian Firms May Lose Rs 11 Cr To Data Breaches This Year: IBM
- Why Is Cloud Computing The Most Disruptive Force
- 5 Tech Trends That Will Change Banking Experience In India
- Home Automation: The Rising Star Of Tech World
- WannaCry Ransomware: 5 Tips To Stay Guarded
- 'Cashless India' Still Far-Fetched Without Proper Security
- HDS Appoints Sanjay Agrawal As Director - Platforms And Solutions
- Homegrown Firm Develops A Solution To Thwart Ransomware
- SDN Tipped As The Next Game-Changer In India
- Botnet Attacks Witnessed Steady Rise In India In 2016: Fortinet