The global site of the UK's leading magazine for automation, motion engineering and power transmission
23 October, 2021

ICS vulnerabilities soared by ‘staggering’ 41% in early 2021

19 August, 2021

The number of vulnerabilities discovered in industrial control systems (ICSs) hit a “staggering” level in the first half of 2021, with 637 new vulnerabilities being revealed – 41% more than during the previous six months. A new report from the cyber-researcher Claroty shows that most of these ICS vulnerabilities have a high or critical severity, a low attack complexity, are remotely exploitable, and could result in a total loss of ICS availability.

High-profile attacks such as those on a Florida water treatment plant and the Colonial Pipeline oil pipeline in the US have elevated ICS security to a mainstream issue, according to Claroty’s third Biannual ICS Risk & Vulnerability Report. The number of vulnerabilities being discovered is accelerating: during the whole of 2020 they rose by just 25% from 2019, and 33% from 2018.

“As more enterprises are modernising their industrial processes by connecting them to the cloud, they are also giving threat actors more ways to compromise industrial operations through ransomware and extortion attacks,” says Claroty’s vice-president of research, Amir Preminger. The recent high-profile industrial cyber-attacks “have not only shown the fragility of critical infrastructure and manufacturing environments that are exposed to the Internet, but have also inspired more security researchers to focus their efforts on ICS specifically.”

The report also reveals that that software vulnerabilities are being patched at a much higher rate than firmware bugs. Some 26% of the discovered vulnerabilities either have no available fix or only a partial remediation, highlighting a key challenge of securing OT environments compared to IT environments.

“Alarmingly,” says Claroty researcher Chen Fradkin in a blog, almost 62% of flaws in firmware had no fix or a partial remediation recommended, and most of those bugs were in products at the basic control level. By comparison, almost 60% of software vulnerabilities were remediated. “This is no real surprise, given the comparative ease in applying a software patch versus a firmware update,” Fradkin remarks.

The report’s key findings include:
• 81% of the 637 ICS vulnerabilities discovered in the first half of 2021 were found by sources outside the affected vendor
• 71% of the vulnerabilities are classified as “high” or “critical”, reflecting their potential risk to operations
• 90% have low attack complexity, meaning that an attacker can expect repeatable success every time
• 74% do not require privileges, meaning the attacker does not need access to settings or files, and 66% do not need user interaction, such as opening an email, clicking on links or attachments, or sharing sensitive personal or financial information
• 61% are remotely exploitable, demonstrating the importance of securing remote connections
• 65% could cause a total loss of plant availability
• 23.55% of the vulnerabilities discovered were in Level 3 “operations management” products (such as historian databases and OPC servers), 15.23% were in Level 1 “basic control” products, followed by Level 2 “supervisory control” products such as HMIs, Scada systems, workstations and other equipment that communicates directly with PLCs, RTUs, and Level 1 controllers
• the top mitigation steps include network segmentation (which applies to 59% of vulnerabilities), secure remote access (53%), and ransomware, phishing, and spam protection (33%)
• more researchers than ever are looking for bugs in ICS products and OT protocols: 42 new researchers disclosed vulnerabilities in the first half of 2021, and 20 vendors had vulnerabilities disclosed publicly for the first time.

Claroty’s report reveals that the number of ICS cyber-vulnerabilities being discovered is rising rapidly

Claroty points out that patching and product updates require downtime that’s “intolerable” for many users. Therefore, mitigations “carry significant weight” for defenders, with network segmentation and secure remote access being the dominant mitigation steps recommended during the first half of 2021.

As air-gapped OT networks become relics of the past, network segmentation has taken on a prominent role. Claroty predicts that techniques such as virtual zoning – zone-specific policies tailored to engineering or other process-oriented functions – will also grow in popularity.

Secure remote access is a close second to segmentation as a top mitigation strategy. Claroty points out that proper access controls and privilege management can go a long way to preventing cyber-attacks, and more importantly, keep profit-oriented attackers from moving laterally through IT and OT networks, stealing data, and injecting malware such as ransomware.

ClarotyTwitter  LinkedIn  Facebook




Magazine
  • To view a digital copy of the latest issue of Drives & Controls, click here.

    To visit the digital library of past issues, click here

    To subscribe to the magazine, click here

     

Exhibition

Drives Show 2022The next Drives & Controls Exhibition and Conference will take place in Birmingham, UK, from 5-7 April, 2022. For more information on the event, visit the Show Web site

Poll

"Do you think that robots create or destroy jobs?"

Newsletter
Newsletter

Events

Most Read Articles