TXOne Networks Publishes In-Depth Analysis of Vulnerabilities Affecting Industrial Control Systems

TXOne Networks, a global leader in OT zero trust and Industrial IoT (IIoT) security, has published its 2021 Cybersecurity Report, which focuses on the vulnerabilities that can affect ICS environments. TXOne Networks' threat researchers conducted in-depth analysis of ICS-affecting vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS, a globally accessible knowledge base of adversary tactics and techniques found in cyber attacks on ICS environments. The results of this Cybersecurity Report enable TXOne Networks to show cyber threat and research trends from 2021 and previous years that will affect the industrial control system (ICS) environment in 2022. One important observation from the report is that cyber attacks on critical infrastructure can be resisted and made significantly easier to repel by applying the OT zero trust methodology, which includes device inspection, preserving critical applications and services, network segmentation, and virtual patching.

The focus of TXOne Networks' Cybersecurity Report lies especially on the analysis of so-called Common Vulnerabilities and Exposures (CVEs) that can affect ICS environments. These industry-critical vulnerabilities are identified each year by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The MITRE ATT&CK for ICS matrix used by TXOne Networks gives an overview of "tactics" (malicious actors' goals during an attack) as well as the specific "techniques" malicious actors will use to accomplish their goals.

2021's ICS-CERT advisories

ICS-CERT advisories are published when an ICS vulnerability that attackers could use to cause harm is released. According to the Cybersecurity Report, the number of advisories increased dramatically in 2021. There were 389 advisories published, which, compared with 2020's number of 249, shows the largest year-to-year growth in the history of the ICS-CERT program. The ever-increasing number of CVEs affecting ICS environments highlights the near-impossibility of comprehensively addressing each specific vulnerability.

2021 also saw fundamental changes in the methods favored by cyber attackers, as well as more advanced and destructive supply chain attacks than ever before. Known recently-active ransomware groups include Maze, Lockbit, REvil, and DarkSide, though their activity levels can vary.

CVEs affecting ICS environments

A closer look at vulnerabilities in ICS-CERT advisories from 2017 to 2021, classified by affected sector, shows a huge spike in vulnerabilities affecting Critical Manufacturing. Of the CVEs identified in 2021 advisories, 59.8% are considered critical or high-risk.

While Critical Manufacturing is obviously in the lead, the Cybersecurity Report also shows a spike in CVEs which can be used to affect multiple sectors. Both attackers and researchers are likely to take more interest in these kinds of vulnerabilities in 2022 and 2023, because attackers can potentially exploit the same vulnerability across different kinds of operational environments.

"Our analysis of the 613 CVEs identified in advisories in 2021 that are likely to affect Critical Manufacturing environments shows that 88.8% of them might be leveraged by attackers to create an impact and cause varying degrees of disruption to ICS equipment and the environment," said Dr. Terence Liu, CEO of TXOne Networks. "For ICS environments, impact is a critical concern that includes damage or disruption to finances, safety, human lives, the environment, and equipment."

Supply Chain and Work Site Security

According to the Cybersecurity Report, while ICS-CERT shows information about CVEs that is immediately useful and necessary, it might be missing some information that can streamline the process of addressing them. More complete information provided by the National Vulnerability Database (NVD) can be critical in the creation of Software Bills of Materials (SBOMs) and the prevention of supply chain attacks, but almost 25% of CVEs take more than 3 months to reach this stage of documentation.

This underscores some crucial points. First, from a security point of view, no organization can depend on one source for cybersecurity information. In other words, ICS cybersecurity is a group effort that can't be effectively accomplished without comparing multiple sources of information. Second, due to an extended timeline for information availability, organizations can't rely on vendor patches or even released research to secure operations.

Europe deploys 7Shield - cybersecurity from space?

7SHIELD – Safety and Security Standards of Space Systems, ground Segments and Satellite data assets, via prevention, detection, response and mitigation of physical and cyber threats.
The project gives an innovative boost to the protection of earth segments and satellite data resources, protecting critical infrastructures from cyber threats. From IoT to machine learning, here are the advanced technologies integrated into the framework.
The overall concept of 7SHIELD is to provide European Ground Segment facilities with a holistic framework able to confront complex cyber and physical threats by covering all the macro-stages of crisis management, namely the pre-crisis, crisis and post-crisis phases.
The Copernicus era has created a new market with the massive amounts of satellite data that the ground segments of space systems receive and serve to the market and governmental bodies.
A physical or cyber attack on their installations or communication networks, respectively, would have a debilitating impact on the public safety and security of EU citizens and public authorities. A physical attack on a space ground segment makes the distribution of satellite data problematic and, on the other hand, a cyber attack on its data storage, access and exchange affects not only the reliability of space data, but also their FAIR standards: findability, accessibility, interoperability and reusability. Current approaches do not fully exploit the recent advances in surveillance mechanisms with robotic technologies and AI.
Given the above, the Center for Security Studies (KEMEA) has, as a member of a wider consortium, successfully submitted the 7SHIELD proposal under the topic “SU-INFRA01-2019: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe” of H2020. 7SHIELD officially started in September 2020 and will have a duration of 24 months, coordinated by ENGINEERING (Italy).
7SHIELD will be an integrated yet flexible and adaptable framework enabling the deployment of innovative services for cyber-physical protection of ground segments, such as e-fences, passive radars and laser technologies, and multimedia AI technologies, that enhance their protection capabilities, while integrating or interoperating with existing protection solutions already deployed at their installations. The framework will integrate advanced technologies for data integration, processing, and analytics, machine learning and recommendation systems, data visualization and dashboards, data security and cyber threat protection. The technological solution is co-designed with first responders’ teams and contributes to policy making, standardisation and new guidelines for contingency planning and service continuity. The project will be evaluated and demonstrated in five installations of ground segments of space systems.
KEMEA will be a task leader both in identifying security requirements in relation to the technology systems in use and the integration of the 7SHIELD solution and in defining the model of the Emergency Response Plan, following the guidelines described in international standards such as ISO 22320:2018 Security and resilience -- Emergency management -- Guidelines for incident management. KEMEA will also have a crucial role in pilot implementation, evaluation and training and an overall contribution to the whole development of the program.