Critical Infrastructure on the Frontline
Industrial control systems (ICS) play an essential role in automating the critical processes that bring electricity and water to our homes, prevent mass transit gridlock, and ensure a steady flow of goods from our factories.
But, unlike the isolated systems of the past, ICS are now highly automated, computerized environments that utilize standard software and hardware components that are increasingly connected to networks such as the web.
Consider this: in December 2013, Positive Technologies identified more than 68,000 ICS components spanning six continents that were exposed through the Internet, including SCADA, smart grids, remote terminal units (RTU), programmable logic controllers (PLC), MES, and ERP systems.
Exposure on a Global Scale
Although connectivity can increase productivity and profitability, it also exposes your ICS to the full range of IT security risks. So it’s no surprise that ICS components are becoming increasingly popular targets for attackers. Stuxnet, Shamoon, Dragonfly, and Flame are some of the most notorious examples of this new breed of cyberthreat.
Our experience with ICS security assessments suggests that many organizations are also vulnerable to significant unintentional threats. Our experts, who regularly conduct dozens of ICS security audits, find that, on average, 70% of human machine interfaces (HMIs) have been modified for use as desktops, creating even more passageways for cybercriminals to crawl through.
Be Proactive—Start Assessing Your Risk
At Positive Technologies, we understand there is no "quick fix" to ICS security: you can’t treat an HMI or SCADA system like just another desktop or business application. And it can take months, or even years, to deploy updates or enforce recommended security configurations.
However, to keep your ICS secure, you must proactively identify vulnerabilities and potential attack vectors, assess and prioritize threats, and remediate weaknesses where possible. You also need to demonstrate compliance with a growing array of regulatory standards.
Positive Technologies helps many large manufacturing, petrochemical, utility, and transportation companies meet their ICS/SCADA security challenges head-on with:
Automated vulnerability assessment of PLC, SCADA, MES, and ERP systems
- ICS security audits and compliance checks
- Customized policy development and implementation plans
- Threat intelligence monitoring, including zero-day vulnerability alerts, anomaly detection, and remediation tactics
- Incident management and forensics in ICS environments
We have been actively collaborating for many years with leading ICS vendors such as Honeywell, Schneider Electric, Siemens, and Yokogawa. Conducting regular security audits on these large-scale systems gives Positive Technologies a comprehensive understanding of how to detect and eliminate ICS/SCADA vulnerabilities.
To date, our ICS experts have uncovered more than 200 zero-day vulnerabilities in industrial control systems.
Positive Technologies can help your organization begin to protect its most critical assets. Be proactive.