The CyberX-Files – Issue #1

The CyberX-Files – Issue #1

Welcome to the 1st issue of the CyberX-Files — our monthly digest of news, research and analysis related to ICS, SCADA and OT security. We’ve scoured the world for articles that are thought-provoking, informative, and relevant (and we promise not to bore you with fluffy marketing content). If you’re on the front-lines of ICS security, please let me know if you find these articles helpful! Best regards, Phil Phil Neray | VP Industrial Security | CyberX ICS/SCADA/OT Security News 53% of Industrial Facilities Have Experienced a Breach SecurityWeek According to a Honeywell-commissioned survey of 130 decision makers from industrial organizations: Over half (53%) have suffered a cybersecurity breach. Respondents listed a range of breach sources including malware spread from other parts of the enterprise, malicious hackers, government-sponsored attacks, direct attacks on control systems, DoS attacks, and removable media. Less than a third have implemented best practices such as access control for plant computers (30%); user authentication for HMI devices (24%); and up-to-date Windows systems (17%). Editor’s Note: The Honeywell report echoes many of the findings in CyberX’s “Global ICS & IIoT Risk Report,” a data-driven analysis of real-world vulnerabilities identified via passive monitoring of traffic from 375 production ICS networks worldwide. Read the full story on SecurityWeek.com Researchers Find Nearly 150 Vulnerabilities in SCADA Mobile Apps DarkReading Security researchers randomly selected 34 Android mobile apps in the Google Play Store — written by well-known ICS/SCADA automation vendors, such as Schneider Electric and Siemens, and third-party developers — to check for vulnerabilities based on the OWASP Mobile Top 10. Here’s what they found: 147 security flaws that could be exploited...