According to a 2016 emergency response team report on industrial control systems (ICS), Malaysia has a risk score of 15 percent, and the country remains a target for cyber attacks, ranking 66th on an industrial cyber threats real-time map.
Malaysia remains highly dependent on its industrial sector across manufacturing, infrastructure, power production, photovoltaics, automotive construction and defence. The industrial sector contributed 36.8 percent, or over a third, of the country's GDP (gross domestic product) in 2014 and employed 36 percent of the labour force in 2012.
Further findings from Kaspersky Lab's 'Industrial Control Systems Cyber Emergency Response Team (ICS CERT) Report 2016' paint a picture confirming that cyber-attacks on industrial control systems are on the increase, with 67 percent of information & operational technology (OT) managers finding the security landscape to be critical, a 43 percent increase over 2015 findings.
"Today, the cybersecurity of industrial systems and critical infrastructures is of vital importance," said Vikram Kalkat, senior key account manager, Kaspersky Industrial Cyber Security Global Business Development, APAC Region.
"An increasing number of such systems are using devices and channels that interact with the outside world," said Kalkat. "Sometimes they use equipment that was never intended for external access, not to mention software that was created decades ago and has not been upgraded since!"
Crucial infrastructure weaknesses
"This is a very serious issue because not only is the continuity of the production process at stake, the environment and even human lives can be at risk," he said.
Kalkat said information technologies and process automation systems were crucial to the operation of all modern industrial facilities - from power plants, refineries and assembly lines to railways, airports and smart buildings.
He said that while traditional corporate IT networks placed confidentiality as a top priority, industrial control systems (ICS) demanded continuity and consistency of the technological process.
In addition, regulation and compliance could lead to critical facilities operating unprotected if the cybersecurity measures do not meet safety requirements.
Kalkat added that traditionally, ICS organisations may not be sufficiently prepared or protected to withstand cyber security attacks. "The design of ICS software and hardware is hard to call secure."
He said the ICS threat report also showed that 17,042 ICS components on 13,698 different hosts were exposed to the internet, possibly belonging to large organisations. These organisations include energy, transportation, aerospace, oil and gas, chemicals, automotive and manufacturing, food and drink, governmental, financial and medical institutions.
To minimise the possibility of a cyber-attack, ICS should be run in a physically isolated environment; however, the report shows that thousands of hosts are being exposed, with 91.1 percent of these ICS hosts having vulnerabilities that can be exploited remotely. In addition, 3.3 percent of ICS hosts located in these organisations contain critical vulnerabilities that can be exploited remotely.