Sad to see but reinforces the need to "Audit/Review" all third party providers security posture.
Unfortunate that more and more OT (ICS) attacks are happening. These attacks present a risk to human life and the attackers do not really seem to care....just another way to make money. Can you read that I am disgusted? yes, I am.
Similar to outsourcing data to the Cloud, corporations need to develop a checklist/standards that can be applied to any third party vendor. It should include things like but not limited to:
- A review of their last audit
- rules and regulations if they need to come on site
- revision history (plans)
We should also remember that even though the software being provided by any external vendor can be problematic especially when they update/patch software or do not patch.