SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
FireEye says industrial cybersecurity is far too vulnerable - and the stakes are high
Tue, 16th Aug 2016
FYI, this story is more than a year old

FireEye has released a report that shines light on how industrial and utilities providers manage the security of their own industrial control systems (ICS) assets, and the effects can put an entire country at stake.

ICS assets encompass everything from electricity grids, water supplies and powerlines. The industry hires about 137,000 people across Australia, and has millions of customers.

FireEye examined security staff in utilities and other industries worldwide. The report showed that most are unaware of their assets and their vulnerabilities over the past fifteen years, as documented by company research.

The vulnerabilities can affect everything from sensor operation, controller programming, software and networking equipment used for automation.

The report also found that there were 1552 vulnerabilities in April 2016, compared to just 149 between January 2000 and December 2010.

Of these 1552 vulnerabilities found this year, 516 of them didn't even have a vendor fix, either because they are unpatched or the technology is so old that they are unpatchable.

What's more, at least five of these vulnerabilities have been exploited by nation-state cyberattackers since 2009. FireEye states that ignoring the warning signs leaves industrial environments exposed to threats.