FireEye, Inc., the leader in stopping today's advanced cyberattacks, recently released a report titled Overload: Critical Lessons from 15 Years of ICS Vulnerabilities, which highlights trends in total Industrial Control Systems (ICS) vulnerability disclosures, patch availability, vulnerable device type and other vulnerabilities exploited by threat actors.
Since 2000, FireEye iSIGHT Intelligence has identified nearly 1,600 publicly disclosed ICS vulnerabilities. The report assesses the depth and breadth of these vulnerabilities in the ICS landscape and how threat actors try to exploit them. To make matters worse, many of these vulnerabilities are left unpatched and some are simply beyond restoration due to outdated technology, thus increasing the attack surface for potential adversaries. In fact, nation-state cyber threat actors have exploited five of these vulnerabilities in attacks since 2009.
Key findings by FireEye include:
In the past several years, a flood of vulnerabilities has hit industrial control systems (ICS) – the technological backbone of electric grids, water supplies, and production lines. Unfortunately, security personnel from manufacturing, energy, water and other industries are often unaware of their own control system assets, not to mention the vulnerabilities that affect them. As a result, organizations operating these systems are missing the warnings and leaving their industrial environments exposed to potential threats.