Disclosed ICS Vulnerabilities Surged During Second Half of 2020
A substantial rise in industrial control system (ICS) vulnerabilities was detected in the second half of 2020, according to Claroty’s second Biannual ICS Risk & Vulnerability Report.
The research revealed a 25% year-on-year rise in ICS vulnerabilities disclosed in this period, and a 33% increase compared to H1 of 2020. Over the six months, a total of 449 vulnerabilities affecting ICS products from 59 vendors were highlighted, 70% of which were assigned high or critical Common Vulnerability Scoring System (CVSS) scores. Around three-quarters (76%) do not require authentication for exploitation.
A major factor in this increase has been the shift to digital across all industries, creating an expanded potential attack surface. Worryingly, more than two-thirds of disclosed vulnerabilities were remotely exploitable through network attack vectors.
The sectors that experienced the biggest rises in ICS vulnerabilities compared to the second half of 2019 were critical manufacturing (15%), energy (8%), water and wastewater (54%) and commercial facilities (14%).
An encouraging finding from the report was that third-party researchers were responsible for 61% of discoveries, which indicates a growing focus on including ICS alongside IT security research. This increased focus on identifying ICS vulnerabilities partly explains the surge in disclosed vulnerabilities.
Amir Preminger, vice-president of research at Claroty, commented: “The accelerated convergence of IT and OT networks due to digital transformation enhances the efficiency of ICS processes, but also increases the attack surface available to adversaries.
“Nation state actors are clearly looking at many aspects of the network perimeter to exploit, and cyber-criminals are also focusing specifically on ICS processes, which emphasizes the need for security technologies such as network-based detection and secure remote access in industrial environments. It is heartening to see a growing interest in ICS within the security research community, as we must shine a brighter light on these vulnerabilities in order to keep threats at arm’s length.”