In 2017 I had many conversations with organisations working in the operational technology (OT) space - both on the security vendor side and organisations utilising OT systems themselves in various ways.
A common thread throughout these conversations was the increasing (or already increased) connectivity to the OT environment - either via a shared connection (albeit metered) between IT and OT, or greater direct connectivity to the OT environment from the Internet.
Another connection to these systems that raises concerns is the use of commodity-type phone apps to control and report on SCADA/ICS systems themselves. Today we learn that these apps are potentially another route into what has histrionically been a segregated and independent system type.
The research performed by Bolshev and Yushkevich over the last year really highlights for me the continued work that we need to do on building a security-first generation of OT systems that really take account of the increased threat surface and willing attack groups looking to access and exploit these systems.
Lets make 2018 the year of Secure OT!
Researchers have found worrying security holes in apps companies use to control industrial processes.