Reacting to reports that US Industrial Control Systems were attacked by hackers 245 times in 12 months, Rob Miller, security consultant at MWR InfoSecurity, said: "Many organisations we work with are taking these reports very seriously. The report shows that the rate of new vulnerabilities being discovered in ICS equipment has remained steady for the last four years. ICS operators cannot therefore rely on vendors taking care of their security for them.
Organisations may feel that their ICS systems are beyond the reach of attackers, but attacks like those against the Norwegian oil sector last year have demonstrated these assumptions to be false. ICS, far from being an air-gapped, proprietary system, is now often integrated to our IT networks as companies strive to improve performance and reduce costs. This can be done without impacting security, but only if security is considered during its design.
Ultimately better ICS security comes from not only controlling the borders of an ICS system, but by also introducing the ability to monitor and detect attacks, and through training of staff to respond appropriately."