CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of electric utilities, and oil and gas companies. Although the Report admitted that oil and gas companies and electric utilities tend to be ahead of the curve on cybersecurity compared to other sectors, they are becoming more vulnerable because they are more reliant on Internet of Things (IoT) and industrial control systems.
According to the Report, utility networks and unmanaged devices are “soft targets for adversaries” and utilities are vulnerable because they are using outdated operating systems and unencrypted passwords. Its survey found that more than 70 percent of the sites monitored have outdated operating systems, and 64 percent use unencrypted passwords.
The authors note that “[o]lder and unpatched Windows systems are particularly vulnerable to successfully compromise them—they simply need to exploit known vulnerabilities that are publicly-documented in open source databases….We know there are older versions of Windows running in many utilities.”
In addition, as they deploy more IoT devices that are connected to their networks, this is increasing vulnerabilities because “as these smart devices get deployed, they increase the attack surface.”