Industrial control systems (ICS) are things that we depend on every day of our lives. Without them, we would not have water, electricity, telephones, working public transportation and so much more. But no one ever thinks about what it takes behind the scenes to ensure that everything runs smoothly.
Just look at the problems people face in a specific area after a natural disaster like an earthquake or a hurricane. Countless people are left without drinking water because the water lines were disrupted. Electricity fails because power lines are down. Earlier this year Texas saw its worst winter storm ever and the weather conditions led to power disruptions for millions. This meant that countless people were forced to shiver in their homes without heat, while trying to stay alive.
Now imagine if all trains in a country are shut down for just one day. Think about what would happen to that nation’s entire economy. There would be chaos.
And you certainly don’t want to think about planes dropping from the sky.
So, now you have an idea why cybersecurity startups are so valuable these days. Claroty itself just hit unicorn status last month with a billion-dollar valuation. In June, Transmit Security, an Israeli cybersecurity startup which specializes in passwordless authentication, became a unicorn with a $2.2 billion valuation. Transmit raised a whopping $543 million in what is the largest Series A financing round ever held by a cybersecurity startup.
America has recently seen several attacks on its ICS. There was one on the Oldsmar, Fla., water treatment facility and Colonial Pipeline was shut down for days due to a ransomware attack.
The report was compiled by Claroty’s Team82. Team82 provides indispensable vulnerability and threat research to Claroty customers and defenders of industrial networks worldwide.
According to Claroty’s report, more than 600 ICS vulnerabilities were disclosed during the first half of 2021, affecting 76 vendors. A large percentage of those vulnerabilities were both remotely exploitable and classified as either critical or high risk. These numbers back up some of the trends identified by Team82, including the growing number of industrial assets that are now connected to the internet and potentially exposed to threat actors.
23.55% of the vulnerabilities disclosed in the first half of this year were found in products at Level 3, Operations Management, which includes Historian databases, OPC servers, and other critical machines. The next most affected Purdue Model level was Level 1, Basic Control, where 15.23% of the vulnerabilities disclosed in 1H 2021 were found, followed by Level 2, Supervisory Control. This zone includes HMIs, SCADA systems, engineering workstations, and other machines that communicate directly with PLCs, RTUs, and controllers at Level 1, states the report.
But the good news, says Claroty, lies on the software side where almost 60% of vulnerabilities were remediated.
Other important facts included in the report are:
637: The number of ICS vulnerabilities disclosed in 1H 2021, almost 200 more than in our previous report covering 2H 2020
61.4%: The percentage of remotely exploitable ICS vulnerabilities
31.6%: The percentage of locally exploitable ICS vulnerabilities
26%: The percentage of ICS vulnerabilities that went unpatched, or for which only a partial remediation was suggested
65%: The percentage of ICS vulnerabilities likely to lead to total loss of availability
70: The number of vulnerabilities disclosed by Claroty’s Team82 in 1H 2021; Claroty has surpassed 150 vulnerabilities disclosed since Team82’s inception.
You can download the full report from Claroty here.
Founded in 2015, Claroty calls itself the industrial cybersecurity company which is trusted by the world’s largest enterprises. Claroty helps customers “reveal, protect, and manage their OT, IoT, and IIoT assets.” The company’s comprehensive platform connects “seamlessly” with customers’ existing infrastructure and programs while providing a full range of industrial cybersecurity controls for visibility, threat detection, risk and vulnerability management, and secure remote access—all with a significantly reduced total cost of ownership.