Why Is It So Easy To Break Into The Systems That Run The World’s Most Critical, Expert Weighs In

Last week at Pwn2Own Miami 2022, a hacking contest focusing on industrial control systems (ICS), contestants earned a total of $400,000 for their exploits. Two Dutch researchers even took home $90,000 and a championship trophy by targeting the software that helps run the world’s critical infrastructure. 
The worst part? They said it was their “easiest challenge yet.”

Naturally, these feats raise the question: Why is it so easy to break into the systems that run the world’s most critical, far-reaching technologies?

Experts Comments

April 26, 2022
Mark Carrigan
Chief Operating Officer
PAS Global

This exercise and the payout these researchers were able to secure is an excellent demonstration of how easily hackers are able to break into critical infrastructure systems. The technology underlying ICS and OT is dated and was never designed with security in mind – cybersecurity experts have been saying this for years, and these researchers' success is another example of just how easy these systems are to compromise. We'll continue to see vulnerabilities in the ICS world over the coming

.....Read More

This exercise and the payout these researchers were able to secure is an excellent demonstration of how easily hackers are able to break into critical infrastructure systems. The technology underlying ICS and OT is dated and was never designed with security in mind – cybersecurity experts have been saying this for years, and these researchers' success is another example of just how easy these systems are to compromise. We'll continue to see vulnerabilities in the ICS world over the coming months and years. Although the industry is making improvements, ICS and OT systems are maturing at a pace that is far slower than the threat actors’ capabilities, and that's not likely to change any time soon. Operators must implement measures to reduce the impact and consequence of cyber attacks. No one is exempt from these attacks. The researchers at Pwn2Own have demonstrated how easy it is to hit these systems and it's time for operators to focus their security roadmaps on consequence and ultimately enterprise risk reduction.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.