SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

ICS Security Risks Evolve

July 12, 2017

SANS Institute's annual survey of industrial control systems (ICS) security practitioners finds that threats are shifting, identifying attacks remains challenging, and some basic security practices are not implemented.

The fourth year of the survey found some improvements in protecting critical assets and infrastructure, while other challenges have emerged. For example, four out of 10 ICS security practitioners lack visibility or sufficient supporting intelligence into their ICS networks, which is one of the primary impediments to securing these systems. Ransomware was newly identified as a top threat, along with the growing addition of devices to the network.

Despite the high-profile news coverage of recent attacks of unpatched systems, SANS found that only 46% of respondents regularly apply vendor-validated patches. An astounding 12% neither patch nor layer controls around critical control system assets.

Bengt Gregory-Brown, survey author, noted, "Changes in ICS/SCADA environments have historically come at a pretty slow pace, but this pace is accelerating with IT/OT convergence, and the speed of change is challenging everyone working with these systems to keep up or accept growing levels of risk."

Survey responders placed the highest priority on keeping OT systems reliable and available.

"With nearly 69% of ICS security practitioners saying threats to the ICS systems are high or severe and critical, it becomes clear that companies must pay attention at the highest levels to ensure the safety, reliability and integrity of their company's control systems," said Doug Wylie, director of the Industrials & Infrastructure Practice Area at SANS Institute.

Terms of Use | Copyright 2002 - 2017 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement