SINGAPORE — A cybersecurity expert has warned of potential threats against old devices in industrial control systems, which are used in the operations of critical infrastructure in the industrial sector such as in energy, water, and transportation services.
According to Costin Raiu, director of Global Research and Analysis Team at cybersecurity company Kaspersky Lab, developed countries that are using old devices are in a “more complicated position” than developing countries that are adopting new technology.
“The new countries that are now getting developed, they generally have access to new technologies which are more secure than 10 or 15 years ago,” he told INQUIRER.net on Wednesday at the sidelines of the Security Analyst Summit hosted here by Kaspersky Lab.
“When you deploy some kind of infrastructure, it’s very important to keep up and deploy the new technologies as opposed to just putting them there and have them for forty years without any kind of changes,” he said.
According to Raiu, cybercriminals take advantage of the systems being connected to the Internet, especially those that are “exposed” because of having weak passwords or default access credentials.
He said attacks can also happen when companies use operating systems “with vulnerabilities that hackers can just exploit.”
Cybercriminals have two possible goals in attacking industrial control systems, said Raui.
“One possible goal is cyberespionage, where they steal formulas that are used to produce certain materials. A lot of these high-end manufacturing companies, they have a secret formula for nano-technology and materials. So espionage could be one of the goals,” he said.
“The other goal which is becoming more popular nowadays is sabotage. Their goal is just to sabotage the operations of the company, to put them is a very bad situation where somebody else can take advantage of that situation,” he added.
In securing industrial control systems, Raiu said the responsibility should be shared between the government and private companies that own these facilities.
“What’s very important to keep in mind is basic hygiene, strong passwords for all the systems. Don’t expose critical infrastructure on the Internet. Directly put it behind firewalls. Don’t forget the security patches. Security patches are good and important part of the security system. Don’t leave unpatched system on the Internet because you will be sure they will be attacked and hacked,” he said. /ee