New Delhi– The vulnerabilities in industrial control systems (ICS) — the technological backbone of electricity grids, water supplies and production lines — have risen sharply over the past six years including in India, the US-based network security company FireEye revealed on Wednesday.
These vulnerabilities can affect the reliable operation of sensors, programmable controllers, software and networking equipment used to automate and monitor the physical processes that keep our world running, it added.
“Security personnel from manufacturing, energy, utilities and other sectors are often unaware of their own control system assets, not to mention the vulnerabilities that affect them,” said Bryce Boland, Chief Technology Officer for Asia Pacific at FireEye.
“As India’s efforts to digitize utilities and other services move ahead, it is critical that organisations assess the risks they face and ensure they can detect and respond to cyber attacks against them,” Boland added in a statement.
Over one third of the nearly 1,600 vulnerability disclosures that FireEye examined have no fixes issued by the vendors, presenting clear opportunities for adversaries.
Nation-state cyber threat actors have exploited five of these vulnerabilities in attacks since 2009 and four of these can be tied to direct geopolitical objectives.
To improve security, organisations must prepare their security teams with an accurate understanding of control system assets, their locations and functions.
“Track vulnerable and unpatched products currently used in the industrial environments and prioritise vulnerability remediation by considering ICS architecture location,” FireEye added.