The Internet of Things and Industrial IoT are causing a lot of security headaches, mostly because these devices and the solutions used to secure them are still in the nascent stages of being developed and coming to market.
Industrial automation devices are installed across all critical infrastructure environments from electric, oil, and gas, to pharmaceuticals and chemical factories.
Phil Neray, CyberX’s vice president of industrial cybersecurity, said even though the federal government has classified all of these as critical infrastructure, "The fact is that all of these devices were designed a long time ago."
With their age comes the issue that the protocols used to communicate were designed before anyone really understood the vulnerabilities in them. The industry has seen many zero day vulnerability disclosures, and at the risk of sliding into some serious FUD, Neray is calling them “Forever Day” Vulnerabilities, possibly serious enough to be considered the “Heartbleed of OT networks”.