XOne Networks, the global leader in OT Zero Trust and Industrial IoT (IIoT) security, has published its 2021 Cyber ​​Security Report, which focuses on vulnerabilities that may affect ICS environments.

TXOne Networks threat researchers conducted an in-depth analysis of vulnerabilities affecting ICS using MITER Adversarial Tactics, Techniques, and Common Knowledge (ATT & CK) for ICS, a globally available knowledge base of enemy tactics and techniques found in cyberattacks against ICS environments. The findings of the Cybersecurity Report show the trends in cyber threats and research from 2021 and previous years that will impact the Industrial Control Systems (ICS) environment in 2022. One of the important observations made in the report is that cyber attacks against critical infrastructure can be combated and greatly facilitated by Through the use of the operational process zero-trust methodology, which includes device scanning, critical application and service behavior, network segmentation, and virtual patching.

Check also:

The TXOne Networks Cybersecurity Report focuses specifically on the analysis of so-called common vulnerabilities and exposures (CVEs) that may affect ICS environments. These critical vulnerabilities in the industry are identified each year by the Industrial Control Systems Electronic Incident Response Team (ICS-CERT). The MITER ATT & CK Matrix for ICS used by TXOne Networks provides an overview of “tactics” (the targets of malicious actors during an attack) as well as the specific techniques that criminals will use to achieve their goals.

ICS-CERT Announcements for 2021

ICS-CERT messages are published if there are vulnerabilities in ICS systems that could be used by attackers to cause harm. According to the Cyber ​​Security Report, the number of these messages increased significantly in 2021. 389 of them were published, which, compared to 249 in 2020, is the largest annual increase in the history of the ICS-CERT program. The ever-increasing number of CVE affecting ICS environments underscores the impossibility of addressing each specific vulnerability in a comprehensive manner.

2021 also saw fundamental changes in the tactics preferred by cyber attackers, as well as more advanced and destructive supply chain attacks than ever before. Recently known active ransomware groups are Maze, Lockbit, REvil and DarkSide, although their activity levels may vary.

CVEs affect ICS environments

A closer look at the 2017-2021 ICS-CERT vulnerabilities, categorized by the sector they affect, clearly shows a massive increase in the number of vulnerabilities affecting the critical manufacturing sector – 59.8% of CVE identified in 2021 is considered critical or high risk.

While the manufacturing sector is clearly at the fore, the Cyber ​​Security report also shows an increase in the number of CVE that can be used to target multiple sectors. Both attackers and researchers will likely be more interested in these types of vulnerabilities in 2022 and 2023, as attackers can exploit the same vulnerability in different types of operating environments.

“Our analysis of 613 CVEs identified in the 2021 Notices that may impact critical manufacturing environments shows that 88.8% of them could be used by attackers to influence and cause varying degrees of disruption to ICS equipment and the environment.” Says Dr. Terence Liu, CEO of TXOne Networks. “For ICS environments, impact is a critical issue that includes damage or disruption to finances, safety, human life, the environment, and equipment.”

Supply Chain and Workplace Security

According to the Cyber ​​Security Report, while the ICS-CERT immediately shows useful and necessary information about the CVE, there may be some missing information that can simplify the processing process. The most complete information provided by the National Vulnerabilities Database (NVD) can be crucial to developing software bills of materials (SBOM) and preventing supply chain attacks, but approximately 25% of CVEs take more than 3 months to reach this documentation stage.

Some important issues remain. First, from a security point of view, no organization can rely on a single source of cybersecurity information. In other words, ICS cybersecurity is a collaborative effort that cannot be successfully achieved without comparing multiple sources of information. Second, due to the extended availability of information, organizations cannot rely on vendor patches or even published studies to secure operations.

OT Zero Trust

A “zero trust structure” could be one potential way to address these challenges, as well as the urgent need to improve cybersecurity. TXOne Networks experts recommend Anti-Trust OT, a modified form of the trust architecture that provides unique cybersecurity improvements in both supply chains and ICS environments.

The basic principle of distrust of IT is “never trust, always verify”. This idea is built on the basis of an IT perspective where the network is designed for human operators or ‘users’. As in ICS environments, networks are used primarily by resources, not individuals, this methodology must be adapted with distrust of OT to ensure reliable defense that does not interfere with throughput or availability. It offers an excellent security base by raising security standards for networks and assets from zero,” emphasizes Dr. Liu, CEO of TXOne Networks.

Source: APA-OTS