OTS - Cybersecurity Report 2021: TXOne Networks Publishes In-Depth Analysis of Vulnerabilities Affecting Industrial Control Systems (part 1)
2022. February 01. 14:00
San Francisco/Taipei, 1 February, 2022 (APA/OTS) - How cyber threat
and research trends from previous years will affect the ICS
environment in 2022
TXOne Networks, a global leader in OT zero trust and Industrial
IoT (IIoT) security, has published its 2021 Cybersecurity Report
which focuses on the vulnerabilities that can affect ICS
environments. TXOne Networks' threat researchers conducted in-depth
analysis of ICS-affecting vulnerabilities using the MITRE
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for
ICS, a globally-accessible knowledge base of adversary tactics and
techniques found in cyber attacks on ICS environments. The results
of this Cybersecurity Report enable TXOne Networks to show cyber
threat and research trends from 2021 and previous years that will
affect the industrial control system (ICS) environment in 2022. One
important observation from the report is that cyber attacks on
critical infrastructure can be resisted and made significantly
easier to repel by applying the OT zero trust methodology, which
includes device inspection, preserving critical applications and
services, network segmentation, and virtual patching.
The focus of TXOne Networks' Cybersecurity Report lies
especially on the analysis of so-called Common Vulnerabilities and
Exposures (CVEs) that can affect ICS environments. These
industry-critical vulnerabilities are identified each year by the
Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT). The MITRE ATT&CK for ICS matrix used by TXOne Networks
gives an overview of "tactics" (malicious actors' goals during an
attack) as well as the specific "techniques" malicious actors will
use to accomplish their goals.
2021's ICS-CERT advisories
ICS-CERT advisories are published when an ICS vulnerability that
attackers could use to cause harm is disclosed. According to the
Cybersecurity Report, the number of advisories dramatically
increased in 2021. There were 389 advisories published, which,
compared with 2020's number of 249, shows the largest year-to-year
growth in the history of the ICS-CERT program. The ever-increasing
number of CVEs affecting ICS environments highlights the
near-impossibility of comprehensively addressing each specific
vulnerability.
2021 also saw fundamental changes in the methods favored by
cyber attackers, as well as more advanced and destructive supply
chain attacks than ever before. Known recently-active ransomware
groups include Maze, Lockbit, REvil, and DarkSide, though their
activity levels can vary.
CVEs affecting ICS environments
A closer look at vulnerabilities in ICS-CERT advisories from 2017
to 2021, classified by affected sector, reveals a huge spike in
vulnerabilities affecting Critical Manufacturing that clearly
stands out - 59.8% of CVEs identified in 2021 advisories are
considered critical or high-risk.
While Critical Manufacturing is obviously in the lead, the
Cybersecurity Report also shows a spike in CVEs which can be used
to affect multiple sectors. Both attackers and researchers are
likely to take more interest in these kinds of vulnerabilities in
2022 and 2023, because attackers can potentially exploit the same
vulnerability across different kinds of operational environments.
"Our analysis of the 613 CVEs identified in advisories in 2021
that are likely to affect Critical Manufacturing environments shows
that 88.8% of them might be leveraged by attackers to create an
impact and cause varying degrees of disruption to ICS equipment and
the environment," said Dr. Terence Liu, CEO of TXOne Networks. "For
ICS environments, impact is a critical concern that includes damage
or disruption to finances, safety, human lives, the environment,
and equipment."
Supply Chain and Work Site Security
According to the Cybersecurity Report, while ICS-CERT shows
information about CVEs that is immediately useful and necessary, it
might be missing some information that can streamline the process
of addressing them. More complete information provided by the
National Vulnerability Database (NVD) can be critical in the
creation of Software Bills of Materials (SBOMs) and the prevention
of supply chain attacks, but almost 25% of CVEs take more than 3
months to reach this stage of documentation.
This underscores some crucial points. First, from a security
point of view, no organization can depend on one source for
cybersecurity information. In other words, ICS cybersecurity is a
group effort that can't be effectively accomplished without
comparing multiple sources of information. Second, due to an
extended timeline for information availability, organizations can't
rely on vendor patches or even released research to secure
operations.
OT Zero Trust
One potential way to address these challenges, as well as the
urgent need for improvements in cybersecurity, could be the "Zero
Trust Architecture". TXOne Networks' experts recommend OT zero
trust, an adapted form of the zero trust architecture that offers
unique improvements in cybersecurity to both supply chains and ICS
environments.
A core principle of IT zero trust is to "never trust, always
verify". This idea was created based on the IT perspective that a
network is designed for human operators or "users". Because in ICS
environments the networks are primarily used by assets instead of
personnel, the methodology must be adapted into OT zero trust to
provide reliable defenses that do not interfere with productivity
or availability. "OT zero trust-based solutions such as network
segmentation, virtual patching, trust lists, asset hardening, and
security inspection offer a superior protective baseline by
elevating security standards for networks and assets from the
ground up," emphasized TXOne Networks' CEO Dr. Liu. (continues)