Risk of Nation-States causing real-world harm to U.S. water, electrical, and transportation systems requires Phosphorus’ prevention-based CPS security that moves beyond detection to proactively discover, remediate, and manage vulnerable OT, IoT, and ICS devices.
NASHVILLE, TN – Phosphorus Cybersecurity Inc., the leading provider of unified, prevention-based security management for the xTended Internet of Things (xIoT), is today urging all organizations and network defenders protecting critical U.S. infrastructure to take a more proactive stance on securing and managing their vulnerable, yet diverse, IoT, OT, and ICS estates, amid a significant increase in sophisticated threats by nation-states and criminal threat actors.
On January 31st, the U.S. House held a hearing titled “The CCP Cyber Threat to the American Homeland and National Security” to raise awareness of the growing capabilities of nation-state actors, and of the threat that they will “wreak havoc” and “cause real-world harm” to Americans by launching damaging and destructive cyber attacks that target critical U.S. infrastructure and supply chains.
In prepared remarks for the committee, FBI Director Christopher Wray testified that, “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure – our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems. And the risk that poses to every American requires our attention – now.”
The House hearing follows on the heels of another U.S. effort to tackle this growing threat. The Justice Department and Federal Bureau of Investigation recently launched an operation to remotely disable the xIoT-based botnet of a critical Chinese hacking campaign, known as Volt Typhoon, which has compromised Western critical infrastructure, including utilities, naval ports, and internet service providers.
“The requirement for greater resiliency and heightened security demands urgent action to focus on fundamental security hygiene for our critical, yet vulnerable, Cyber-Physical Systems – including IoT, OT, and ICS devices,” said Sonu Shankar, Chief Strategy Officer of Phosphorus. “US adversaries like China, Russia, and Iran are actively targeting xIoT assets within critical industries to gain a foothold inside these networks, which they can then use to spread laterally to other critical systems and launch significant disruptive attacks. All organizations need to prioritize addressing this threat by taking a more proactive and preventative stance to safeguard these systems and ensure they are protected against these targeted attacks left-of-boom.”
Phosphorus’s security and research teams have long focused on these evolving threats to enterprise and industrial Cyber-Physical Systems, and in 2022 the company provided the industry’s first comprehensive research report on xIoT threats and vulnerabilities, which covered millions of actively deployed IoT, OT, IIoT, and IoMT smart devices. Despite the surge in threat actor activity and sophisticated hacking capabilities, Phosphorus continues to see poor security hygiene across large industrial and enterprise environments throughout the U.S. Many organizations remain far behind when it comes to discovering, assessing, fixing, and managing these vulnerable Cyber-Physical Systems.
According to Phosphorus’s research team, the most serious threat to critical systems doesn’t come from an exotic exploit, but rather from basic security oversights. This is highlighted by the fact that 75% of xIoT devices are deployed with default passwords, 70% of these devices also contain known high- to critical-state vulnerabilities, and 30% of devices are end-of-life and no longer supported with security updates.
The company has also warned about the growing risks posed by banned Chinese-manufactured devices which continue to be prevalent across various sectors of U.S. enterprises, often without their knowledge. In 2022, Phosphorus released new security features that enable organizations to discover and monitor their networks for the presence of xIoT devices that the U.S. government deems a significant security risk, including devices officially banned by the FCC (see the Covered List). The new features also include the capability to remotely disable and remove the devices from the network.
Phosphorus’s Gartner-recognized Unified xIoT Security Management Platform offers the industry’s only proactive approach to security management and breach prevention for the exploding OT/ICS, IIoT, IoT, and IoMT attack surface. The platform, which also addresses the most significant misconfiguration risks recently identified by the National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA), provides seamless, prevention-based protection through its unique ability to directly communicate with all xIoT devices in their native protocols. This allows organizations across every vertical to safely and easily find, fix, monitor, and manage their CPS estates – without agents, complexity, or infrastructure dependencies.
For more information, visit www.phosphorus.io or meet the company at upcoming conferences, including S4x24, RSA Conference, Black Hat and DEF CON.
Phosphorus Cybersecurity® is the leading CPS Protection Platform delivering a proactive approach to security management and breach prevention for the exploding IoT, OT, IIoT, and IoMT attack surface. Designed to find and secure the rapidly growing, unknown, and often unmonitored world of Cyber-Physical Systems across the xTended Internet of Things landscape, our Unified xIoT Security Management Platform provides unmatched security management and breach prevention across every industry vertical—delivering high-fidelity discovery and risk assessment, proactive hardening and remediation, and continuous monitoring and management. With patented xIoT Intelligent Active Discovery and risk assessment, Phosphorus automates the mitigation and remediation of the most significant IoT, OT, IIoT, and IoMT device vulnerabilities – including unknown and inaccurate asset inventory, default credentials, out-of-date and vulnerable firmware, risky configurations, banned and end-of-life devices, and expired or self-signed certificates. Follow Phosphorus on LinkedIn, Twitter, Threads, and YouTube, and learn more at www.phosphorus.io.