top of page
  • Writer's pictureAnup Ghosh

ICS Vulnerabilities Point to Urgency to Securing Industrial Controls

The Download

Several manufacturers of industrial control systems (ICS) announced on June's Patch Tuesday severe vulnerabilities in their software used by industrials to run their plants. The manufacturers include Siemens, Schneider Electric, and Aveva, The US CISA published a separate advisory on vulnerabilities in other industrial control systems from Rockwell Automation and Micro Dicom.

The impact of these vulnerabilities can be particularly acute for critical infrastructure companies and utilities that may under-invest in cybersecurity talent and products. Municipal utilities make for a soft target for ransomware gangs and other critical infrastructure providers make for high value targets for foreign nations.

What You Can Do

CISA recommends first minimizing public exposure to industrial control systems, meaning ensure these systems do not have a public attack surface. When systems do require remote administration, as is often the case, CISA recommends using secure VPNs. However, we have seen a rash of vulnerabilities in VPN services that have been actively exploited.

The bottom line is to know your attack surfaces, scan and pen test them frequently, and get out in front with patch and mitigation strategies ahead of the adversary.

For more information:



bottom of page