Ripple20 Malware Highlights Industrial Security Challenges

Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.

The recent discovery of 19 vulnerabilities in a lightweight embedded TCP/IP library has sent shockwaves across industries, because it exposes millions of organizations to potential cyberattacks. Known collectively as Ripple20, the vulnerabilities were found in a library first released back in the 1990s and embedded in products ever since.


The vulnerabilities vary in severity, but some allow an attacker to take remote control of an affected device, and others can be used to cause a denial of service. The number of affected devices was estimated to be in the hundreds of millions, and the affected products include "smart home devices, power grid equipment, healthcare systems, industrial gear, transportation systems, printers, routers, mobile/satellite communications equipment, data center devices, commercial aircraft devices, various enterprise solutions, and many others."


Understandably, many wondered aloud how these vulnerabilities could exist in so many products and go unnoticed for more than 20 years. However, I am not surprised by the situation. Poor security practices in industrial control systems (ICS) and the Internet of Things (IoT) are exactly what allow vulnerabilities like those outlined in the Ripple20 research to propagate, unnoticed, through so many products.


Understanding Risk, Software Quality in ICS

Several ICS manufacturers' products, including various makes and models of programmable logic controllers (PLCs) and human-machine interfaces (HMIs), are primarily designed with safety and availability in mind. The reliability of PLCs is exceptional: ICS equipment can be deployed in production facilities for decades and still function properly.


Safety is engineered into all ICS systems at a physical level, not just a logical level. This leads me to the topic of risk as it relates to the majority of industrial control systems.


While there are ce ..
