Prioritization and vulnerability management remains an issue
Armis research found that engineering workstations are the OT device that received the most attempts of attack in the industry in the past two months, followed by SCADA servers. Fifty-six percent of engineering workstations have at least one unpatched critical severity Common Vulnerabilities and Exposures (CVEs) and 16% are susceptible to at least one weaponised CVE, published more than 18 months ago.
Programmable Logic Controllers (PLCs) are another example, with 41% having at least one unpatched critical severity CVE. These legacy devices are of high importance as if attacked could lead to the disruption of central operations, but the research highlighted they can be susceptible to high risk factors such as end of support hardware and end of support firmware.
A set of additional devices represent risk to manufacturing, transportation and utilities environments as they have at least one weaponised CVE published before January 2022: 85% of barcode readers, 32% of industrial managed switches, 28% of IP cameras and 10% of printers.
“In an ICS environment it’s pretty common to have vulnerable devices, so professionals need to see what assets are on their network and additional intelligence on what those devices are actually doing,” said Nadir Izrael CTO and Co-founder of Armis. “Contextual data will enable teams to define what risk each device poses to the OT environment so that they can prioritise remediation of critical and/or weaponised vulnerabilities to quickly reduce the attack surface.”
There is a need for collaboration between OT and IT teams
OT industries have significantly changed in the past years due to the convergence of OT and Information Technology (IT). This alignment is driving a new phase for the Industrial Era and will enable cross-domain collaboration but, in practice, unified management of both environments has yet to take place. With OT teams focused on maintaining industrial control systems, mitigating risks to OT and ensuring overall integrity within operational environments, more IT focused duties have been left aside.
Four out of the five riskiest devices notably run windows operating systems, showcasing how a basic understanding of asset risk and securing vulnerable assets is still a challenge for IT and OT teams.
Armis looked at device types and found that many are more exposed to malicious activity because they are using the SMBv.1 protocol, end of support operating systems and many open ports. SMBv.1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the infamous Wannacry and NotPetya attacks. Security experts previously advised organisations to stop using it completely but the data shows it is still preeminent in the field.
“From an organisational perspective, having a risk-based approach to vulnerability management must go hand in hand with OT and IT departments working together to help coordinate mitigation efforts,” continued Izrael. “Cross-departmental projects will help streamline process and resource management and achieve greater compliance and data security. Overall, to navigate the challenges of the new industrial era, security professionals need an IT/OT convergence security solution that shields all assets connected to the network.”