The industrial control systems (ICS) used to run equipment in manufacturing, energy, and other sectors are secured differently from office networks. Vulnerabilities often go unpatched, because organizations are afraid to make changes that might cause downtime. To minimize the chances of exploitation of vulnerabilities, measures put in place include placing ICS components on a separate network, isolating them, or air-gapping them entirely from Internet-connected corporate systems. However, penetration testing performed by Positive Technologies has shown that such measures often fall short in practice, leaving attackers plenty of opportunity to access critical equipment. In tests, attackers were able to penetrate the…
[Continue Reading]