Cybersecurity, Industrial IT, Whitepapers

Industrial Control Systems (ICS) Vulnerability Trend Report

In the past several years, a flood of vulnerabilities has hit industrial control systems (ICS) — the technological backbone of electric grids, water supplies and production lines. These vulnerabilities affect the reliable operation of sensors, programmable controllers, software and networking equipment used to automate and monitor the physical processes that keep our modern world running.
This report highlights trends in total ICS vulnerability disclosures, patch availability, vulnerable device type and vulnerabilities exploited in the wild.

Key Judgements:

FireEye iSIGHT Intelligence counted just 149 ICS vulnerability disclosures that were made between January 2000 and December 2010. Through April 2016, we have counted 1,552.
Most (58%) of the 801 ICS-specific vulnerability disclosures since February 2013 dealt with Level 2 (L2) in the simplified Purdue ICS architecture model, which describes how manufacturing devices interface with computers.
Of the 1,552 total vulnerability disclosures examined, 516 (33%) had no vendor fixes.
Through April 2016, at least five ICS-specific vulnerabilities have been exploited in the wild and the rate will increase in the future.

The number of publicly disclosed ICS vulnerabilities is increasing rapidly due to outdated technology. Download the report to get an analysis of vulnerabilities by ICS level including patch availability and recommendations.