Please assign a menu to the primary menu location under menu

Industrial cyber security continues to be poor, warns report

no thumb

Unprotected industrial control systems (ICS) can be found by simply searching on Google or Shodan, according to a research report UK-based security firm Positive Technologies.

This is especially worrying in light of the fact that ICS components left exposed to the public internet is increasing every year, and that these components typically run factories, transport networks, power plants and other facilities.

The researchers found a nearly 10% increase to 64,287 in the past year of IP addresses for ICS components in the US, which along with the Germany, China, France and Canada have the largest number of internet-accessible ICS components.

Of the 175,632 internet-accessible ICS components detected, approximately 42% were in the US, followed by Germany with 13,242, France (7,759), Canada (7,371), Italy (5,858) and China (4,285).

The UK ranked 7th in 2017 with 4,240 internet-accessible ICS components detected, which is worse than countries like Spain, the Netherlands, Australia Belgium, South Korea, Norway and Sweden.

The research also noted that a growing number of internet-accessible ICS components are actually network devices, such as Lantronix and Moxa interface converters, which represented nearly 13% of detected components in 2017, up from 5.06% in 2016. Although these converters are often regarded as relatively unimportant, they can be quite useful for hackers, the researchers said, as has been seen in a number of high-profile attacks.

The most common software on internet-accessible ICS components is Niagara Framework components, which connect and enable management control over systems like air conditioning, power supplies, telecommunications, alarms, lighting, security cameras and other important building systems.

Another key finding of the report is the growing number of vulnerabilities in ICS components being reported by major suppliers, with this number up 71% from 2017 to 197. Over half of these vulnerabilities were of critical or high risk in nature, the report said.

A large share of the vulnerabilities disclosed in 2017 involved ICS network equipment such as switches, interface converters, and gateways. This is especially worrisome, the report said, because network equipment is increasingly internet-connected and most reported ICS vulnerabilities can be exploited remotely without attackers needing to obtain privileges to access targeted systems.

In terms of the number of vulnerabilities publicly disclosed in 2017, the previous year’s leader, Siemens, fell back to second place. The 47 vulnerabilities disclosed in Schneider Electric ICS products are almost 10 times as many as the number from the year before, while Moxa showed a growing vulnerability count with 36 in 2017 compared with 18 in 2016.

“Despite numerous incidents, reports, and large-scale regulatory efforts, it is alarming that, overall, industrial systems are not more secure than they were ten years ago,” said Vladimir Nazarov, head of ICS security at Positive Technologies.

“Today, anyone can go on the internet and find vulnerable building systems, datacentres, electrical substations, and manufacturing equipment,” he said.

Lives at stake

According to Nazarov, ICS attacks can mean far more than just blackouts or production delays. “Lives may be at stake, and this is why it’s so important that before even writing the first line of code, developers design-in the security mechanisms necessary to keep ICS components secure. And, when these mechanisms eventually become outdated, they need to modernise them in a timely manner.”

The report said basic measures that can be taken immediately by organisations include:

  • Separating operational networks from the corporate and external networks such as the internet
  • Diligently installing security updates
  • Regularly auditing the security of ICS networks to identify potential attack vectors

Source link

read more

The Robot Revolution: Manufacturing 2.0

no thumb

Some economists are saying that the world is entering a “second machine age.”

Artificial intelligence and other advancements are enabling robots to perform tasks that, until recently, only human eyes, hands and minds could handle.

In this episode of Moving Upstream, we traveled through Asia to see the next generation of robots. And we were amazed by the capabilities of the newest machines.

The possibilities unleashed by artificial intelligence could eventually lead to human workers being replaced by robots in occupations that have yet to be affected by automation. For an example, check out the robotic chef in our video.

Last year, Chinese demand for robots grew more than 20%. Companies are buying them in response to a steady rise in employee wages. But the global impact of the acceleration in robotic automation is difficult to calculate — even for economists who are experts in the digital economy.

“This is a moment of choice and opportunity. It could be the best 10 years ahead of us that we’ve ever had in human history or one of the worst,” says

Erik Brynjolfsson,

director of MIT’s Initiative on the Digital Economy. “The tools by themselves are not going to lift up the billions of people who are being left behind.”

Source link

read more
1 5,304 5,305 5,306 5,307 5,308 5,434
Page 5306 of 5434