Tech Crunch recently took a look at the three industries that they consider the “dinosaurs” of cybersecurity: aircraft, power utilities and healthcare.
Last year, malware known as BlackEnergy was used to target the industrial control systems of utilities companies so that hackers could install backdoors to their systems. Despite warnings from DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), it took months and, in some cases, years for patches to be created to solve the problem. Even more concerning is the time required for companies to adopt these patches to protect their systems, which the article claims is “a reflection of the fact that industrial systems have never been designed for the constant updates and patches that the modern world requires to continually secure systems. Perhaps the best example of how far these systems lag behind modern security requirements is the fact that none of the widely used industrial control protocols even support authentication, let alone encryption.”
Another target is the healthcare industry. The industry has a fairly open infrastructure, with new devices that make it easy for hackers to gain access to secure networks. Although initiatives have been developed to deal with these problems, hackers are continuing to target medical equipment and other healthcare interfaces to compromise healthcare systems. According to Tech Crunch, “the IT staff at hospitals have no insight into what software is actually running on medical equipment. Understandably, the equipment manufacturers do not want unintended changes made to the configurations of these device.”
Finally, aircraft have recently been shown to have a number of cybersecurity weaknesses due to the widespread adoption of satellite or cellular communications links to the ground for Wi-Fi and inflight entertainment. The FBI is currently investigating cyber expert Chris Roberts, who supposedly hacked his flight to make the plane fly sideways.