Skip to content
"VC3 has made it easier than ever before for our local government to serve our citizens by providing us with modern web tools and a team
of talented and courteous professionals.
City of Valdosta, GA

Municipal League Partnerships

VC3 is the IT partner that focuses on municipalities. We understand your budgeting cycles and critical

Find All the Resources You Need

Our resources & insights includes case studies, client testimonials, guides, checklists, blog articles and more!


1 min read

Recent Report Warns of 56 Vulnerabilities in Operational Technology Devices


Joe Howland, Chief Information Security Officer

A recent report from Forescout shows that 56 vulnerabilities exist in commonly used operational technology (OT) devices. According to the Cybersecurity and Infrastructure Security Agency (CISA), these vulnerabilities are “caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.”

Many municipalities, counties, and water/sewer authorities use OT as part of their critical infrastructure. In recent years, critical infrastructure has become a national security concern as cyberattackers seek to physically harm the public. Unfortunately, many OT systems are “insecure-by-design,” meaning that security vulnerabilities are literally embedded in these products.

While there is a lot of debate about the reasons why such products are released, there is no debate that “insecure-by-design” leads to vulnerabilities. The top three, according to Forescout, are:

  1. Compromised credentials (such as usernames and passwords)
  2. Firmware manipulation (such as exploiting the lack of a software patch)
  3. Remote code execution (similar to how cyberattackers exploit software vulnerabilities in servers and computers)

VC3 does not support OT systems but we are concerned enough about cybersecurity that we highly encourage you to contact your supervisory control and data acquisition (SCADA) vendor to ensure they are following basic cybersecurity best practices including:

  • Scanning and monitoring your systems for security vulnerabilities and suspicious activity
  • Patching software
  • Identifying any vulnerable OT assets based on the Forescout report

For more information, you can read CISA’s report and the full Forescout report.

Let's talk about how VC3 can help you AIM higher.