ICS vulnerability disclosures have grown 110% since 2018, which Claroty says suggests more types of operational technologies are coming online and presenting soft targets.
Operational technology company Claroty makes a big claim about the future of OT and industrial control system security: based on data collected over the past few years, the distinction between OT/ICS and the rest of enterprise technology is starting to fade in earnest, and new security headaches have appeared in its place.
Claroty makes that case in its ICS Risk and Vulnerability Report for the second half of 2021 (find the first-half report here), which found, among other things, a 110% year-over-year increase in the number of ICS vulnerabilities disclosed since 2018, and that non-OT products accounted for 34% of the ICS vulnerabilities reported in 2021.
It’s that second stat that Claroty draws particular attention to, saying it indicates a trend of companies merging OT, IT, and IoT under a single security umbrella.
“As more cyber-physical systems become connected, accessibility to these networks from the Internet and the cloud requires defenders to have useful and timely vulnerability information to inform risk decisions,” said Amir Preminger, vice president of research at Claroty.
Claroty’s name for its vision of a world without distinctions between operational technology, information technology, and Internet of Things devices is the “Extended Internet of Things,” or XIoT. It describes XIoT as “an umbrella term that captures the cyber-physical systems critical to our lives…not just for security management, but also for data analysis, performance monitoring and improvement, and much more.”
This transition cannot be avoided, Claroty said, because such connections are very attractive to business owners who see them as a way to streamline their organizations. That means “it’s the job of asset owners and security teams to protect those connections.”
The risk to XIoT environments is serious
The risks associated with connecting OT, ICS, and IoT networks to Internet-enabled systems go beyond the devices and endpoints themselves. As an example of how devastating an attack could be in an XIoT environment, Claroty describes someone compromising not a piece of hardware, but the management console of an XIoT organization.
“An attacker could execute any number of exploits to execute code on cloud-managed devices, allowing not only full control of an endpoint device, but also network lateral movement and a greater variety of payloads at their disposal,” the report said.
Looking back at the report, a couple more stats are worth noting: 87% of all ICS vulnerabilities reported in the second half of 2021 were considered low complexity, meaning an attacker doesn’t need special conditions and can expect repeated success. Sixty-three percent of vulnerabilities disclosed in the same period could be exploited remotely, and 53% gave attackers the ability to execute code remotely.
It’s a dangerous digital world out there. If Claroty is correct that the future of technology is XIoT, and the statistics presented above hold, we are looking at a coming wave of vulnerable devices exposed to the Internet.
Preventing an XIoT Security Disaster
There’s a straightforward, simple, and honestly obvious answer that Claroty recommends to organizations concerned about connecting their technology into a large XIoT network: segment it.
“Network segmentation is the primary step and should be an important consideration for defenders before other options on our list,” the report said. Segmentation was recommended more than any other method as a way to mitigate the ICS vulnerabilities disclosed in the second half of 2021, followed by ransomware/phishing/spam protection, traffic restrictions, user- and role-based policies, and secure remote access.
In terms of specific segmentation recommendations, Claroty said organizations should set up virtual zones so they can be managed remotely with ease, give each zone policies tailored to the needs of the users in that zone, and make sure they retain the ability to inspect traffic, including OT protocols. However, don’t neglect Claroty’s other recommended protection areas in favor of focusing exclusively on segmentation: they are all essential components of a more secure whole.
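To make the zone-policy recommendation concrete, here is an added example (not code from Claroty or its report) that sorts sample flow records into hypothetical IT, engineering and OT zones, applies a per-zone allow list that is aware of OT protocol ports, and flags cross-zone traffic the policy does not permit. The zone ranges, ports and flow records are all constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Hypothetical zones as network ranges (assumption, not from the report).
ZONES = {
    "it": ipaddress.ip_network("10.1.0.0/16"),
    "eng": ipaddress.ip_network("10.2.0.0/24"),
    "ot": ipaddress.ip_network("10.3.0.0/24"),
}

# Per-zone allow rules: (source zone, destination zone) -> permitted TCP ports.
# 502 is Modbus/TCP and 44818 is EtherNet/IP; only engineering may reach OT.
POLICY = {
    ("eng", "ot"): {502, 44818},
    ("it", "eng"): {22, 443},
}

Flow = namedtuple("Flow", "src dst dport")


def zone_of(addr):
    """Return the name of the zone containing addr, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def evaluate(flows):
    """Return (flow, verdict) pairs; verdict is 'allow' or 'deny'."""
    results = []
    for f in flows:
        src_zone, dst_zone = zone_of(f.src), zone_of(f.dst)
        if src_zone == dst_zone and src_zone != "unknown":
            results.append((f, "allow"))  # intra-zone traffic stays inside its zone
            continue
        allowed = POLICY.get((src_zone, dst_zone), set())  # unknown zones get no rules
        results.append((f, "allow" if f.dport in allowed else "deny"))
    return results


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    Flow("10.2.0.10", "10.3.0.5", 502),       # engineering -> PLC over Modbus: allowed
    Flow("10.1.0.25", "10.3.0.5", 502),       # IT host -> PLC over Modbus: cross-zone, denied
    Flow("10.1.0.25", "10.2.0.10", 443),      # IT -> engineering over HTTPS: allowed
    Flow("198.51.100.7", "10.3.0.5", 44818),  # address outside every zone -> PLC: denied
]

if __name__ == "__main__":
    for flow, verdict in evaluate(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport} {verdict}")
```

Flows that land on "deny" are the ones a zone boundary should block or at least alert on; in practice the zone map would come from an asset inventory rather than hard-coded ranges.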