EXECUTIVE SUMMARY
Few of us will fondly remember 2020, a transformative year that forced businesses worldwide to rethink and reprioritize remote workforces, their impact on productivity and business continuity, and the expanded attack surfaces consequential to those changes.
Opportunistic attackers went especially low throughout 2020, elevating extortion and ransomware attacks within their arsenals and targeting critical infrastructure and services, such as manufacturing, health care, electric and water utilities, and food and beverage. This dynamic created a race between attackers, researchers, and defenders to find exploitable vulnerabilities, especially in industrial control systems, SCADA control systems, and operational technology (OT) protocols and networks.
These systems and communication protocols oversee industrial processes in dozens of industries, and any weak spot could be a beacon to threat actors keen on accessing the internals of an industrial enterprise and either disrupting or modifying processes central to the business.
Claroty has attempted to define the vulnerability landscape around industrial cybersecurity, and in this, our second Biannual ICS Risk & Vulnerability Report of 2020, our research team presents a comprehensive look at ICS vulnerabilities disclosed publicly during the second half of 2020 (2H 2020). The data presented in this report includes security flaws found by Claroty researchers, as well as those found by independent researchers and experts inside other organizations.
By illuminating current risk and vulnerability trends, we hope to give OT security managers and operators additional context around these threats and risks to their environments in order to enhance their decision-making. It is important to note that security incidents that involved ICS vulnerabilities disclosed in 2H 2020 are not a focal point of this report because such incidents, whether ICS-targeted or opportunistic attacks, can skew perceptions of the prevalence and impact of a given vulnerability.
Key data points in this report include:
ICS SECURITY RESEARCH AND DISCLOSURE TRENDS
- During 2H 2020, 449 vulnerabilities were disclosed affecting ICS products from 59 vendors. More than 70% of those flaws were assigned high or critical Common Vulnerability Scoring System (CVSS) scores, down from more than 75% in 1H 2020.
- The number of ICS vulnerabilities disclosed in 2020 increased by 32.89% compared to 2018 and 24.72% compared to 2019. The primary factors for the increase are likely heightened awareness of the risks posed by ICS vulnerabilities and increased focus from researchers and vendors on identifying and remediating such vulnerabilities as effectively and efficiently as possible.