Could the electric grid really be taken down with a $50 device secreted in the bottom of a coffee cup as some researchers have claimed? Perhaps. But the more likely threat comes from bad actors with markedly improved capabilities who’ve ramped up their attacks on critical infrastructure and utilities.

Consider that 70 percent of industrial controls system (ICS) vulnerabilities disclosed in the first half of 2020 can be exploited remotely, according to a report from Claroty, a problem that has grown more acute since the pandemic forced ICS-driven facilities to rely even more on work-from-home personnel, leaving networks further susceptible to unauthorized tampering.

Claroty said the energy, critical manufacturing, and water and wastewater infrastructure sectors were by far the most impacted during the first half 2020 based on the analysis of 363 ICS vulnerabilities published in the National Vulnerability Database (NVD) and 139 ICS advisories affecting 53 vendors issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Compared with the first half of 2019, ICS vulnerabilities reported by NVD increased by 10.3 percent from 331, while ICS-CERT advisories increased by 32.4 percent from 105. More than 75 percent of vulnerabilities were assigned high or critical Common Vulnerability Scoring System (CVSS) scores.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.