New Report Finds Latest ICS Vulnerabilities on the Rise for Industrial Manufacturing

September 09, 2020 by Alessandro Mascellino

Claroty released a new report showing more than 70% of industrial control system (ICS) vulnerabilities disclosed in the first half (1H) of 2020 can be exploited remotely.

The document calls for increased security efforts in the industry and highlights the importance of protecting internet-facing ICS machines and remote access connections. The new data is from Claroty’s Biannual ICS Risk & Vulnerability Report and is available on the company’s website.


Bridging the Cybersecurity Gap

Specializing in operational technology (OT) security, Claroty’s mission is to bridge the gap between IT and OT environments.

Launched by the Team8 foundry in 2015, the company has received $100 million in funding and counts customers such as Rockwell Automation, Siemens, and Schneider Electric.

Claroty aims to reduce OT security's complexity via technology-agnostic solutions and ample support across the products’ life cycle. 

To strengthen its network's security, the company also provides native Secure Remote Access (SRA), a single, secure interface through which all users connect before performing activities requiring remote connectivity to OT environments. 


SRA Dashboard. Image courtesy of Claroty.  


These activities may include maintenance, auditing, support, forensics, and others. Through SRA, critical systems are isolated from unmanaged and insecure VPN jump-box scenarios, and insecure pathways commonly exploited by attackers targeting OT environments are eliminated.

The implementation of these policies translates to granular policy- and role-based administrative controls following Zero Trust and Least Privilege security principles.


The Claroty Biannual ICS Risk & Vulnerability Report

The report's main objective is to provide nuanced insight into the ICS risk and vulnerability landscape, the challenges it poses to OT security practitioners, and what conclusions can be drawn from data that is publicly available. 

Of the 365 vulnerabilities mentioned in the report, 26 were discovered by The Claroty Research Team, while other researchers and organizations found the others. More than 75% of those vulnerabilities were assigned high or critical Common Vulnerability Scoring System (CVSS) scores.

Moreover, Claroty highlighted that 70% of the vulnerabilities discovered could be exploited remotely via a network attack vector. Considering the vast majority of the working population has shifted to remote working due to the effects of COVID-19, these risks are now further exacerbated.

Among the most common Common Weakness Enumerations (CWEs) found, the top five were all ranked highly on The MITRE Corporation’s 2019 CWE Top 25 Most Dangerous Software Errors list due to their relative ease of exploitation and potential impacts.


Preventing Risks in Industrial Manufacturing

According to the report, the vulnerabilities in ICS products disclosed during 1H 2020 are most prevalent in the energy, critical manufacturing, and water & wastewater sectors, all designated as critical infrastructure sectors. Of the 385 unique CVEs included in the report, energy had 236, critical manufacturing had 197, and water & wastewater had 171. 


A screenshot of the report showing a monthly comparison of vulnerability count by infrastructure sector. Image courtesy of Claroty.


Compared to 1H 2019, water and wastewater experienced the largest increase in CVEs (122.1%), while critical manufacturing and energy increased by 87.3% and 58.9%, respectively.

Looking beyond the figures, 2020 has already seen a wide array of cyberattacks on industrial facilities. In February, a U.S. gas pipeline shut down for days after its industrial control systems were infected by malware. In May, hackers targeted PLCs and SCADA systems at a water facility in Israel.

The effects of such attacks on an industrial facility’s machinery vary greatly, but according to the new data, executing unauthorized code and reading application data would be at the top of the list.


A graphic from the report showing vulnerability count by impact. Image courtesy of Claroty.


To defend against malicious actors and protect your OT systems, the Claroty report concludes with a list of recommendations.

These range from protecting remote access connections via patched VPNs, to anti-phishing measures and ensuring all internet-connected ICS devices are password-protected with stringent password hygiene.


What do you think about the new findings?