ICS Systems Increasingly Affected by Remote-Access Vulnerabilities, Research Finds

  • Industrial control systems (ICS) are vulnerable to remote access in greater numbers
  • Very few ICS networks remain fully air-gapped
  • The energy industry is the most affected

Threat actors could successfully attack industrial control systems (ICS) because about 70 percent of vulnerabilities discovered in the first half of 2020 allow for remote exploits, according to a paper from Claroty.

New research reveals that ICS are much more exposed than previously believed, a problem made worse by the fact that such systems usually control critical infrastructure and manufacturing processes. The impact of ICS vulnerabilities could be much more severe than that of vulnerabilities in commercial Internet of Things (IoT) devices.

Depending on how the IoT ecosystem is defined, ICS devices are an integral part of it, especially since their vulnerabilities are remotely exploitable. The research covers 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, from 53 vendors.

ICS networks used to be fully air-gapped, meaning that vulnerabilities were local, with attackers needing direct access to the hardware. The research shows that air-gapped networks are increasingly rare, with more and more systems affected by remotely triggered exploits.

“The most common potential impact was remote code execution (RCE), possible with 49% of vulnerabilities – reflecting its prominence as the leading area of focus within the OT security research community – followed by the ability to read application data (41%), cause denial of service (DoS) (39%), and bypass protection mechanisms (37%),” says the research.

Like many cybersecurity problems in 2020, these security issues have been aggravated by the COVID-19 pandemic, which encouraged a global shift to a remote workforce.

The energy industry remains the most affected of all, with 236 common vulnerabilities out of the entire pool of 385 analyzed vulnerabilities. Critical manufacturing comes in second with 197 vulnerabilities, followed by water and wastewater operations with 171.

These industrial branches registered increases in Common Vulnerabilities and Exposures (CVEs) ranging from 59 percent to 122 percent.