The Grim Reality of Cybersecurity Threats to U.S. Critical Infrastructure

Here’s a shocking statistic to ring in the new year of 2023 for cybersecurity.  Approximately 75% of industrial control systems and devices (ICS) have severe, unpatched cybersecurity vulnerabilities. What’s an ICS? Essentially all the major systems and components that run our daily lives for almost everything we do.  Think the power grid, water treatment plants, and much, much more.

Specifically, in its December 2022 ‘Cyber Signals’ report, Microsoft noted the following:

  • 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.
  • Unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer OT networks.
  • Over 1 million connected devices publicly visible on the Internet running Boa, an outdated and unsupported software still widely used in IoT devices and software development kits (SDKs).

So, why are the vulnerabilities so rampant? “What is an industrial control system?” jokes Bryson Bort of ICS Village at the Def Con security conference. “Any computer that’s at least 20 years old.” These systems are so old that the software they run is often outdated and no longer supported by the vendor. Also, they were designed with availability and safety in mind, not security. Says Bryson, “The security of these things is now catching up… It’s sort of, ‘Oh, wait a second. We’ve got computers in these, they’re interconnected, that’s a problem and we have to do something about it.’”

Further compounding the problem, according to David Atch, head of IoT/OT security research at Microsoft Defender Threat Intelligence, is that ICS often run on platforms with lower power consumption and memory restrictions, thus making it challenging to run complicated software on them.

Some of the biggest challenges found within ICS are the following:

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.
