Enterprises in critical industries such as manufacturing, energy, and healthcare are unifying security management of information technology (IT), the internet of things (IoT), and operational technology (OT) under one umbrella. As a result, visibility into connected assets and critical vulnerabilities is necessary to maintain public safety, national security, and economic viability.
To properly prioritize and remediate vulnerabilities affecting industrial environments, users must first understand the vulnerability landscape, which of their assets are most at risk, and the exposure incurred by unpatched or unmitigated security flaws.
Critical resource brings context to industrial cybersecurity
Claroty’s research arm, Team82, has published an important resource that does just that. Its latest Biannual ICS Risk & Vulnerability Report delivers contextual analysis of all industrial control system (ICS) and OT vulnerabilities published during the second half (2H) of 2021. The report reiterates a few constants from previous editions of the report: the number of vulnerabilities being disclosed continues on an upward trajectory, as does the population of researchers, vendors, and attackers looking for exploitable bugs in products.
Newly emerging is a spotlight on the challenges of patching OT vulnerabilities and the importance of mitigation measures. The report identifies top mitigation strategies, which are crucial for OT asset operators to consider when patching systems is not possible.
Vulnerabilities affecting cyber-physical systems
As we said, vulnerabilities continue to be uncovered at a record pace. During 2H 2021, 797 ICS vulnerabilities were disclosed, affecting 82 ICS vendors. Technology at the core of the production workflow—servers and databases processing feeds from field devices, and systems managed in the cloud—accounted for the most software and firmware vulnerabilities during the latter half of 2021.
Also clear is that as more ICS devices are connected online, researchers and attackers are seeking out ways to exploit vulnerabilities remotely. Our data shows that 63% of the vulnerabilities disclosed may be exploited via a network attack vector.
As for mitigations, network segmentation, secure remote access, phishing awareness, credential protection, and traffic restriction—all fundamental security practices—are important stopgaps until patches are available.
On a further positive note, leading automation vendors have mature security programs that are vigilant about finding and fixing vulnerabilities. The report identifies an increasing number of vulnerabilities disclosed by vendor research teams, and notes that many smaller vendors are following that lead.