ICS networks and IT networks are becoming increasingly entangled (or more politely, “converging”). Workstations and servers on the ICS networks using standard IT operating systems, such as Windows, is becoming more and more common. Unfortunately, and as many ICS operators are all too aware, these changes are making ICS networks more vulnerable than ever to hacking, especially malware and ransomware attacks.
For example, in 2019 alone, there were multiple major equipment vulnerabilities identified that affect hundreds of millions of ICS devices. From flawed operating system to exploitable digital rights management, the track record of digital ICS development has demonstrated that these vulnerabilities are not going away any time soon.
Adding to this crisis is the increasing number of attacks on ICS. Over 40% of ICS systems were attacked in 2018, and that number is only rising. The latest rash of NotPetya and WannaCry ransomware proved cyberattacks against ICS are certainly not slowing down, but simply patching systems and device applications can go a long way to preventing them. These two attacks relied on the EternalBlue NSA exploit– a security flaw within multiple versions of the Windows operating system – to infiltrate and lock down vital systems, charging a ransom to get them unlocked.
However, the patches to remediate all of these vulnerabilities and prevent these attacks was already available months before they took place. So why didn’t many major organizations patch their vulnerable systems?
Complete the form below to have the full white paper delivered to your inbox and better understand what you can do if you can’t patch.