ICS Tabbed as Hacking Contestants’ Easiest Targets

It turns out that it’s pretty easy to hack the systems that run our power grid. Last week at Pwn2Own Miami 2022, a hacking contest focusing on industrial control systems (ICS), contestants earned a total of $400,000 for their exploits. Two Dutch researchers even took home $90,000 and a championship trophy by targeting the software that helps run the world’s critical infrastructure.

The worst part? They said it was their “easiest challenge yet.”

Naturally, these feats raise the question: Why is it so easy to break into the systems that run the world’s most critical, far-reaching technologies?

OT security expert Mark Carrigan, SVP of Process Safety and OT Cybersecurity at Hexagon PPM shred some much needed light on the results of this event.

"This exercise and the payout these researchers were able to secure is an excellent demonstration of how easily hackers are able to break into critical infrastructure systems. The technology underlying ICS and OT is dated and was never designed with security in mind – cybersecurity experts have been saying this for years, and these researchers' success is another example of just how easy these systems are to compromise. We'll continue to see vulnerabilities in the ICS world over the coming months and years. Although the industry is making improvements, ICS and OT systems are maturing at a pace that is far slower than the threat actors’ capabilities, and that's not likely to change any time soon. Operators must implement measures to reduce the impact and consequence of cyber attacks. No one is exempt from these attacks. The researchers at Pwn2Own have demonstrated how easy it is to hit these systems and it's time for operators to focus their security roadmaps on consequence and ultimately enterprise risk reduction.”