INFOGRAPHIC
Compared to 1H 2019, ICS vulnerabilities
published by the NVD increased by 10.3%
from 331, while ICS-CERT advisories
increased by 32.4% from 105. More than
75% of vulnerabilities were assigned high
or critical Common Vulnerability Scoring
System (CVSS) scores.
“There is a heightened awareness of the
risks posed by ICS vulnerabilities and a
sharpened focus among researchers and
vendors to identify and remediate these
vulnerabilities as effectively and efficiently
as possible,” said Amir Preminger, VP of
Research at Claroty. “We recognised the
critical need to understand, evaluate and
report on the comprehensive ICS risk and
vulnerability landscape to benefit the entire
OT security community. Our findings show
how important it is for organisations to
protect remote access connections and
Internet-facing ICS devices and to protect
against phishing, spam and ransomware
in order to minimise and mitigate the
potential impacts of these threats.”
According to the report, more than 70%
of the vulnerabilities published by the NVD
can be exploited remotely, reinforcing the
fact that fully air-gapped ICS networks
that are isolated from cyberthreats have
become vastly uncommon. Additionally, the
most common potential impact was remote
code execution (RCE), possible with 49% of
vulnerabilities – reflecting its prominence
as the leading area of focus within the OT
security research community – followed by
the ability to read application data (41%),
cause denial of service (DoS) (39%) and
bypass protection mechanisms (37%). The
prominence of remote exploitation has
been exacerbated by the rapid global shift
to a remote workforce and the increased
reliance on remote access to ICS networks
in response to the COVID-19 pandemic.
The energy, critical manufacturing
and water & wastewater infrastructure
sectors were by far the most impacted
by vulnerabilities published in ICS-CERT
advisories during 1H 2020. Of the
385 unique Common Vulnerabilities
and Exposures (CVEs) included in the
advisories, energy had 236, critical
manufacturing had 197 and water &
wastewater had 171. Compared to 1H
2019, water & wastewater experienced the
largest increase of CVEs (122.1%), while
critical manufacturing increased by 87.3%
and energy by 58.9%.
www.intelligentcio.com
INTELLIGENTCIO