What characteristic of IACS makes them particularly vulnerable to cyber threats?

The characteristic that makes Industrial Automation and Control Systems (IACS) particularly vulnerable to cyber threats is their integration with legacy systems that may lack modern security features. Many IACS consist of a combination of new technologies and older systems that were designed before contemporary cybersecurity threats were fully understood. These legacy systems often operate on outdated software and hardware that lack the encryption, access controls, and other defenses present in newer systems.

Due to their long operational life, legacy systems might not receive regular updates or patches, making them a target for cyber attackers who exploit known vulnerabilities. Additionally, the integration of these systems with modern networks can create pathways for threats to infiltrate, especially if the security measures in place are inadequate or absent. This combination of outdated technology and poor integration practices compounds the risk, making it crucial for organizations to address these vulnerabilities in their cybersecurity assessments.

The other options do not accurately capture the primary vulnerability aspect associated with IACS. For example, reliance on cloud computing can introduce its own risks but does not inherently define the susceptibility of existing IACS. Similarly, outdated user interfaces and lack of remote access, while potentially problematic, are not as central to the cybersecurity posture as the presence of legacy systems with weak security capabilities.