ICS Environments: Insecure by Design

Industrial Control System Design Flaws Have a Profound Impact on Security Posture of Operational Networks

It’s a generally known fact that most Industrial Control System (ICS) environments were not built with cybersecurity in mind because they were designed before the cyber threat existed. For decades these networks were protected by an air gap, disconnected from the outside world. With the introduction of commercial off-the-shelf (COTS) technology in the 1990s (which replaced proprietary, purpose-built industrial hardware and software) and the increasing connectivity to corporate networks and the Internet, these systems have become more exposed to cyber threats and the risk of compromise.

The impact of vulnerabilities and design flaws

Like IT networks, ICS environments are susceptible to software and hardware vulnerabilities. In recent years there has been a significant increase in the number of ICS vulnerabilities reported. Even though such vulnerabilities can pose exceptional risk to industrial control systems (like one discovered in Schneider Electric Unity Pro software), an attacker can still compromise an ICS network and cause disruptions to operations without exploiting them. The focus on the large number of ICS vulnerabilities routinely reported obscures a very important point: even when an industrial organization has mitigated all vulnerabilities, there are still design flaws that cyber attackers can easily exploit to compromise an ICS.

ICS networks have become easy targets because they lack basic security controls such as authentication, and do not support encrypted communication. In IT security terms, this represents a major design flaw that adversely impacts the overall security of the ICS environment. This means that anyone with network access can make changes to controller logic and configuration which can severely affect operations and have a catastrophic impact on plant safety and reliability.

Visibility and control in ICS networks

ICS networks suffer from a lack of visibility which prevents engineering and security staff from identifying a malicious actor compromising critical assets, or a contractor that may be making an unauthorized change to the configuration of a controller. Not knowing with certainty what’s happening in these networks severely impacts the staff’s ability to detect and respond to incidents, whether caused by cyber threats or human error. 

Due to this lack of security controls, anyone with access to ICS networks can – maliciously or unintentionally – make control-plane engineering changes to the controllers which manage industrial processes. Control-plane changes to the controllers, like code updates and configuration changes, are very difficult to identify. It can take days or weeks to identify such changes and, most importantly, it is difficult to respond to incidents and revert the system to its original state. These factors significantly increase the potential for operational disruptions and make threat mitigation a complex process that is resource intensive and time consuming.

An organization that can track all activity occurring in its ICS network in real time can quickly identify incidents, pinpoint their cause, and respond to malicious or erroneous activity.
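As an added illustration (not part of the original article), the following Python sketch shows the kind of real-time check described above: control-plane operations captured by a network sensor are compared against an approved baseline of engineering hosts and known-good controller logic hashes, so an unauthorized download or configuration change is flagged and the baseline hash is at hand for reverting. All event records, hosts, hashes and field names are constructed for the example.

```python
"""Flag control-plane (engineering) changes to controllers that fall outside
an approved baseline. Every record, host, hash and field name below is
constructed sample data for this example."""
from dataclasses import dataclass

# Operations that alter controller logic or configuration (control plane),
# as opposed to routine process-value reads and writes (data plane).
CONTROL_PLANE_OPS = {"logic_download", "config_write", "firmware_update", "mode_change"}

@dataclass(frozen=True)
class Event:
    ts: str          # timestamp reported by the monitoring sensor
    src: str         # host that issued the request
    controller: str  # target PLC
    op: str          # operation name as normalised by the sensor
    logic_hash: str  # hash of the controller program after the operation

# Constructed baseline: approved engineering hosts and known-good logic per PLC.
BASELINE = {
    "plc-01": {"logic_hash": "a1f0", "approved_hosts": {"10.1.5.20"}},
    "plc-02": {"logic_hash": "9c3e", "approved_hosts": {"10.1.5.20"}},
}

def detect_unauthorized_changes(events, baseline=BASELINE):
    """Return (ts, controller, reason) for each control-plane event the baseline
    does not explain. Logic drift is reported even from an approved host, and the
    baseline hash is included so the original program can be restored."""
    alerts = []
    for e in events:
        if e.op not in CONTROL_PLANE_OPS:
            continue  # data-plane traffic is not a control-plane change
        known = baseline.get(e.controller)
        if known is None:
            alerts.append((e.ts, e.controller, f"{e.op} on controller not in baseline"))
            continue
        if e.src not in known["approved_hosts"]:
            alerts.append((e.ts, e.controller, f"{e.op} from unapproved host {e.src}"))
        if e.logic_hash != known["logic_hash"]:
            alerts.append((e.ts, e.controller, f"logic drift {known['logic_hash']}->"
                           f"{e.logic_hash}; restore baseline {known['logic_hash']}"))
    return alerts

# Constructed sample of what a sensor might report during one morning.
SAMPLE_EVENTS = [
    Event("2024-01-10T08:00:00Z", "10.1.5.20", "plc-01", "read_status", "a1f0"),
    Event("2024-01-10T08:05:12Z", "10.1.5.20", "plc-01", "logic_download", "a1f0"),
    Event("2024-01-10T08:07:40Z", "10.1.9.77", "plc-02", "config_write", "9c3e"),
    Event("2024-01-10T08:09:03Z", "10.1.5.20", "plc-02", "logic_download", "77d2"),
    Event("2024-01-10T08:10:30Z", "10.1.9.77", "plc-03", "mode_change", "0000"),
]
```

Run against SAMPLE_EVENTS, the approved download to plc-01 passes silently while the write from an unapproved host, the logic drift on plc-02 and the operation on an unknown controller each produce an alert.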

As long as security controls aren’t available to prevent unauthorized/malicious changes, the design flaws of ICS will continue to affect their security posture and put them at a high risk of compromise. No amount of vulnerability remediation can prevent access to the controllers on ICS networks or mitigate the risk of compromise resulting from a lack of security controls.
