100,000 Vulnerabilities

(This article was originally published on the Digital Bond blog.)

The popular press cites an “alarming” statistic from time to time – the “dramatic” increase in cyber-security vulnerabilities being reported in industrial control system components. 129 were reported in 2011, vs only 15 in 2010 and 14 in 2009. Those of us in the industry of course groan when we read nonsense like this. We know the truth to be rather more “dramatic.”

How bad is SCADA security really? Let’s do the math.