Hyland 160x1200

Hyland 160x1200

Hyland 705x108

Tuesday, 09 February 2021 23:46

ICS vulnerabilities increased in second half of 2020 as gaps in remote work expand attack surfaces

By

Claroty’s Biannual ICS Risk & Vulnerability Report identifies critical infrastructure sectors most at risk and increased attention on security of industrial networks

GUEST RESEARCH by Claroty: Throughout the second half (2H) of 2020, 71% of industrial control system (ICS) vulnerabilities disclosed were remotely exploitable through network attack vectors, according to the second Biannual ICS Risk & Vulnerability Report released today by Claroty, the industrial cybersecurity company. The report also revealed a 25% increase in ICS vulnerabilities disclosed compared to 2019, as well as a 33% increase from 1H 2020.

The report comprises the Claroty Research Team’s discoveries alongside trusted open sources, including the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), CERT@VDE, MITRE, and industrial automation vendors Schneider Electric and Siemens.

During 2H 2020, 449 vulnerabilities affecting ICS products from 59 vendors were disclosed. Of those, 70% were assigned high or critical Common Vulnerability Scoring System (CVSS) scores, and 76% do not require authentication for exploitation.

“The accelerated convergence of IT and OT networks due to digital transformation enhances the efficiency of ICS processes, but also increases the attack surface available to adversaries,” said Amir Preminger, vice president of research at Claroty. “Nation-state actors are clearly looking at many aspects of the network perimeter to exploit, and cybercriminals are also focusing specifically on ICS processes, which emphasises the need for security technologies such as network-based detection and secure remote access in industrial environments. It is heartening to see a growing interest in ICS within the security research community, as we must shine a brighter light on these vulnerabilities in order to keep threats at arm’s length.”

Vulnerabilities on the rise in critical manufacturing, energy, and water and wastewater sectors

The critical manufacturing, energy, water and wastewater, and commercial facilities sectors—all designated as critical infrastructure sectors—were by far the most impacted by vulnerabilities disclosed during 2H 2020 and shows increases from the previous two years across the board:

  • Critical manufacturing increased 15% from 2H 2019 and 66% from 2H 2018
  • Energy increased 8% from 2H 2019 and 74% from 2H 2018
  • Water and wastewater increased 54% from 2H 2019 and 63% from 2H 2018
  • Commercial facilities increased 14% from 2H 2019 and 140% from 2H 2018

Assessment of ICS vulnerabilities sees growth in third-party researchers

The number of ICS vulnerabilities disclosed in 2020 increased by more than 30% compared to 2018 and nearly 25% compared to 2019. Two factors contribute to this spike in recent years: a heightened awareness of the risks posed by ICS vulnerabilities, and researchers and vendors increasingly focused on identifying and remediating security flaws as effectively and efficiently as possible. This growth indicates security research focused on ICS products is maturing.

Third-party researchers were responsible for 61% of discoveries, many of which were cybersecurity companies. This signals a change in focus to include ICS alongside IT security research, which is further evidence of the accelerated convergence between IT and OT. Among all third-party discoveries, 22 reported their first disclosures, a positive sign of growth in the ICS vulnerability research market.

The Claroty Research Team discovered and disclosed 41 vulnerabilities during 2H 2020, affecting 14 vendors. These represent the direction and core objectives of the team’s research focus. Overall, Claroty researchers have found and disclosed more than 70 ICS vulnerabilities to date.

To access the complete set of findings, in-depth analysis, and additional steps to defend against improper access and risks, download the Claroty Biannual ICS Risk & Vulnerability Report: 2H 2020.


Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Staff Writers

Our Staff Writers and Guest Writers contribute content to iTWire each day and they are available asset to the team. If you want to be a staff writer please contact us.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments