For CISOs tasked with safeguarding industrial networks, understanding IT security professionals' attitudes, perceptions, and concerns regarding operational technology (OT) is crucial to forging an effective path forward. Our latest research report offers a global perspective on the state of industrial cybersecurity based on an independent survey of 1,000 full-time IT security professionals across the United States, United Kingdom, Germany, France, and Australia.
Our research gleaned insight into the following areas, which are broken down in depth in our Global State of Industrial Cybersecurity report:
The survey illuminated a notable lack of confidence in the status quo of OT safeguards among IT security professionals in the U.S. relative to other countries. For instance, 51% of industry practitioners in the U.S. believe today's industrial networks are not properly safeguarded, compared to just 4% of their German counterparts.
Worldwide, a clear majority (74%) of respondents in all regions characterized cyberattacks on critical infrastructure as having greater potential to inflict damage than an enterprise data breach.
Respondents identified hacking (43%), ransomware (33%), and sabotage (9%) as the most prevalent attacks against industrial networks. The survey also indicated consensus characterizing electric power (45%) as the sector most vulnerable to cyberattacks on critical infrastructure, followed by the oil and gas (22%), chemical (12%), and transportation (12%) sectors.
Despite a clear consensus (80%) that IT security teams are responsible for protecting an organization's industrial networks, a significant portion of respondents (25% globally, 34% in the U.S.) had not been trained on the differences between IT and OT networks. 93% of respondents said OT-focused cybersecurity should be incorporated into the education and training of IT security professionals.
In addition to identifying key areas for CISOs to focus their efforts, our Global State of Industrial Cybersecurity report offers an actionable roadmap for closing the decades-old cybersecurity gap between IT and OT through increased awareness and education, reduced complexity, simplified governance, and IT–OT alignment.
To learn more, download the report.
CWE-257: Storing Passwords in a Recoverable Format
RND encrypts passwords with a hardcoded weak secret key and returns the passwords in plaintext. If the server were compromised, an attacker could gain all the plaintext passwords and decrypt them.
No patches have been supplied by the vendor at this time. To mitigate risk, network administrators should limit access to the wireless management environments that use these affected products, allowing a limited set of trusted users and their authenticated clients to manage Ruckus infrastructure via a secure protocol such as HTTPS or SSH.
CVSS v3: 5.3
CWE-321: Use of Hard-coded Cryptographic Key
A built-in user called sshuser, with root privileges, exists on the RND platform. Both the public and private SSH keys exist in the sshuser home directory. Anyone with the private key can access an RND server as sshuser.
No patches have been supplied by the vendor at this time. To mitigate risk, network administrators should limit access to the wireless management environments that use these affected products, allowing a limited set of trusted users and their authenticated clients to manage Ruckus infrastructure via a secure protocol such as HTTPS or SSH.
CVSS v3: 10.0
CWE-259: Use of Hard-coded Password
RND includes a jailed environment to allow users to configure devices without complete shell access to the underlying operating system. The jailed environment includes a built-in jailbreak for technicians to elevate privileges. The jailbreak requires a weak password that is hardcoded into the environment. Anyone with this password can access an RND server with root permissions.
No patches have been supplied by the vendor at this time. To mitigate risk, network administrators should limit access to the wireless management environments that use these affected products, allowing a limited set of trusted users and their authenticated clients to manage Ruckus infrastructure via a secure protocol such as HTTPS or SSH.
CVSS v3: 8.2
CWE-321: Use of Hard-coded Cryptographic Key
RND uses a secret key on the backend web server to ensure that session JWTs are valid. This secret key is hardcoded into the web server. Anyone with knowledge of the secret key could create a valid JWT, thus bypassing the typical authentication to access the server with administrator privileges.
No patches have been supplied by the vendor at this time. To mitigate risk, network administrators should limit access to the wireless management environments that use these affected products, allowing a limited set of trusted users and their authenticated clients to manage Ruckus infrastructure via a secure protocol such as HTTPS or SSH.
CVSS v3: 9.8
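What removing a hardcoded JWT signing key looks like on the server side, as an added example that is not the vendor's code: the key is generated once per installation, and a token signed with a key shared by every install no longer verifies. `SHIPPED_KEY`, `new_install_key`, `sign` and `verify` are hypothetical names, and HS256 is assumed as the signing algorithm.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed placeholder for a key that would be identical on every install.
SHIPPED_KEY = b"constructed-key-baked-into-every-image"


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_install_key() -> bytes:
    """256-bit key created at first boot and kept outside the shipped image."""
    return secrets.token_bytes(32)


def sign(claims: dict, key: bytes) -> str:
    """Issue an HS256 session token under the server's own key."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(mac)}"


def verify(token: str, key: bytes):
    """Return the claims if the HS256 tag is valid under `key`, else None."""
    try:
        head, body, tag = token.split(".")
        # Pin the algorithm; never let the token header choose it.
        if json.loads(b64u_dec(head)).get("alg") != "HS256":
            return None
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64u_dec(tag)):
            return None
        return json.loads(b64u_dec(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or JSON
```

Rotating to a per-installation key also invalidates every session token issued under the old shared key, which is the intended effect.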
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
An authenticated vSZ user supplies an IP address as an argument to be run in an OS command, but this IP address is not sanitized. A user could supply other commands instead of an IP address to achieve remote code execution (RCE).
No patches have been supplied by the vendor at this time. To mitigate risk, network administrators should limit access to the wireless management environments that use these affected products, allowing a limited set of trusted users and their authenticated clients to manage Ruckus infrastructure via a secure protocol such as HTTPS or SSH.
CVSS v3: 9.0
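The class of fix for an unsanitized IP address argument, as an added example that is not the vendor's code: parse the value as an IP literal and pass it as a single argv element with no shell. The `ping` command and all function names are assumptions, since the advisory does not name the command that is run.

```python
import ipaddress
import subprocess

# Assumption: the diagnostic is a ping; the advisory does not name the command.
PING = ["ping", "-c", "1", "--"]


def unsafe_command_line(ip: str) -> str:
    """The flawed pattern: caller input pasted into a string a shell will parse."""
    return "ping -c 1 " + ip


def parse_ip(value: str) -> str:
    """Return the canonical form of an IPv4/IPv6 literal, or raise ValueError."""
    # Newer Python versions accept an IPv6 zone ID after '%' without checking
    # its characters, so zone IDs are refused outright here.
    if "%" in value:
        raise ValueError("zone IDs are not accepted")
    return str(ipaddress.ip_address(value))


def build_argv(value: str) -> list[str]:
    """Validated address as one argv element; no shell ever parses it."""
    return PING + [parse_ip(value)]


def run_diagnostic(value: str) -> int:
    """Run the command without a shell and return its exit status."""
    done = subprocess.run(build_argv(value), shell=False, timeout=10,
                          capture_output=True, check=False)
    return done.returncode


def is_rejected(value: str) -> bool:
    try:
        parse_ip(value)
    except ValueError:
        return True
    return False


# Constructed inputs: one valid address, three that must be refused.
SAMPLES = ["192.0.2.10", "192.0.2.10; id", "$(id)", "fe80::1%eth0;id"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "rejected" if is_rejected(s) else build_argv(s))
```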