Yesterday, the BBC reported that security flaws have been found in major city infrastructure such as flood defences, radiation detection and traffic monitoring systems. A team of researchers found 17 vulnerabilities, eight of which it described as “critical”. The researchers warned of so-called “panic attacks”, where an attacker could manipulate emergency systems to create chaos in communities.
Following this news, Andrea Carcano, Co-founder and CPO, Nozomi Networks, said:
“Increasingly, attackers are targeting critical infrastructure, such as transportation systems and power grids, around the world. Due to the criticality of their services and gaps in cybersecurity protection, these systems have become juicy targets for cyber criminals.
“Indeed, last year a new attack vector emerged that demonstrated the ingenuity of hackers and escalated the threat of virtual intrusions to a critical level. Using malicious software, dubbed ‘Triton’, attackers were able to modify application memory on SIS controllers in the environment, which could have led to a failed validation check. Luckily, Triton failed. However, our recent analysis of the malware revealed that the effort, skills and financial resources needed to create such an attack are not as high as originally thought. This realization, combined with the knowledge that a growing number of hackers have critical infrastructure in their sights, should serve as a wake-up call to all industrial control operators to move quickly on all fronts to strengthen their cybersecurity culture for the entire industry.
“With cyber threats like Triton, Industroyer and WannaCry along with other types of cyberattacks targeting critical infrastructure growing in frequency and sophistication, it is imperative to put plans in place to address the problem. As more vulnerabilities and security issues are brought into the open a larger cyber security community is forming that is sharing its expertise and knowledge with a common goal to identify, raise awareness, and provide solutions to cybersecurity challenges. In addition, the innovation and implementation of advanced cybersecurity technologies, such as machine learning and artificial intelligence, are an important step toward safe and reliable critical infrastructure.”