"Security Researchers Reveal Staggering Magnitude of ICS Vulnerabilities in 2021 as Cyber Attacks on Critical Infrastructure Increase"
The third Biannual ICS Risk and Vulnerability Report released by the industrial cybersecurity company Claroty reveals a significant increase in the disclosure of ICS vulnerabilities in the first half of 2021 compared to the previous six months. Claroty's report provides insight into the ICS vulnerabilities publicly disclosed during the first half of 2021, including those discovered by the company's research team and those from the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), Schneider Electric, and more. Amir Preminger, vice president of research at Claroty, stresses that the growing modernization of industrial processes through the connection to the cloud gives threat actors more ways to compromise industrial operations via ransomware and extortion attacks. Recent cyberattacks launched against Colonial Pipeline, JBS Foods, and the Oldsmar, Florida water treatment facility showcased the fragility of Internet-exposed critical infrastructure and manufacturing environments, and also inspired security researchers to explore ICS more. One of the key findings shared in Claroty's report is the classification of 71 percent of the ICS vulnerabilities as high or critical. Another finding is that 61 percent of the ICS vulnerabilities are remotely exploitable, emphasizing the importance of strengthening the security of remote connections, Internet of Things (IoT) systems, and Industrial IoT (IIoT) devices. This article continues to discuss additional key findings from Claroty's Biannual ICS Risk and Vulnerability Report.