TXOne Networks releases its Cybersecurity Report 2021, vulnerabilities affecting industrial control systems

TXOne Networks has published its 2021 Cybersecurity Report, which focuses on the vulnerabilities that can affect ICS environments.

TXOne Networks’ threat researchers conducted in-depth analysis of ICS-affecting vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS, a globally-accessible knowledge base of adversary tactics and techniques found in cyberattacks on ICS environments.

The results of this Cybersecurity Report enable TXOne Networks to show cyber threat and research trends from 2021 and previous years that will affect the industrial control system (ICS) environment in 2022. One important observation from the report is that cyberattacks on critical infrastructure can be resisted and made significantly easier to repel by applying the OT zero trust methodology, which includes device inspection, preserving critical applications and services, network segmentation, and virtual patching.

The focus of the report lies on the analysis of common vulnerabilities and exposures (CVEs) that can affect ICS environments. These industry-critical vulnerabilities are identified each year by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

By taking a closer look at vulnerabilities in ICS-CERT advisories from 2017 to 2021 classified by affected sector, a huge spike in vulnerabilities affecting critical manufacturing stands out; 59.8 per cent of CVEs identified in 2021 advisories are considered critical or high-risk.

While critical manufacturing is in the lead, the report also shows a spike in CVEs, which can be used to affect multiple sectors. Both attackers and researchers are likely to take more interest in these kinds of vulnerabilities in 2022 and 2023, because attackers can potentially exploit the same vulnerability across different kinds of operational environments.

“Our analysis of the 613 CVEs identified in advisories in 2021 that are likely to affect Critical Manufacturing environments shows that 88.8 per cent of them might be leveraged by attackers to create an impact and cause varying degrees of disruption to ICS equipment and the environment,” said Terence Liu, CEO, TXOne Networks. “For ICS environments, impact is a critical concern that includes damage or disruption to finances, safety, human lives, the environment, and equipment.”