Overview
Industrial control systems (ICS) surround us: they are used across multiple sectors including electricity, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods). Smart cities, smart houses, smart cars, and medical equipment – all of these are driven by ICS.
The number of ICS components available over the Internet increases every year, and the expansion of the Internet makes ICS easy prey for attackers. Taking into account that, initially, many ICS solutions and protocols were designed for isolated environments, their new online availability can make it possible for a malicious user to cause impact on the infrastructure behind the ICS, due to its lack of Internet-ready security controls.
Moreover, some components are vulnerable themselves. The first information about vulnerabilities in ICS components became available in 1997, when only two vulnerabilities were published.
Since then the number of vulnerabilities has significantly increased. Over the past five years, this index has increased from 19 vulnerabilities in 2010 to 189 vulnerabilities in 2015.
Sophisticated attacks on ICS systems are not new anymore. Here, it is worth remembering the 2015 incident in Ivano-Frankivsk, Ukraine, where around a half of the area’s houses were left without electricity because of a cyber-attack against the Prykarpattyaoblenergo power company.
It was only one of multiple victims of the BlackEnergy1 APT campaign. Another notable incident in 2015, described in the Verizon Data Breach Digest2, was an attack on the Kemuri Water Company’s ICS infrastructure.
Intruders infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water. The intrusion was performed through a vulnerable externally available system, which managed the programmable logic controllers (PLCs) regulating the valves and ducts that controlled the flow of water and chemicals used through the system.
In 2015, there were other reports of ICS-related incidents, such as attacks on a steel mill in Germany and on the Frederic Chopin Airport in Warsaw3.
This report provides an overview of the 2015 worldwide situation with ICS security, looking at vulnerabilities, and the vulnerable ICS components exposed to the Internet.
