ICS threat landscape highlights

Dragos releases annual analysis of ICS/OT focused cyber threats, vulnerabilities, assessments, and incident response insights.


“In 2020, the industrial community performed amazing feats to keep civilization running under challenging circumstances through a global pandemic,” said Robert M. Lee, CEO at Dragos.

“A universal impact of this effort is the acceleration of businesses operating in a hyperconnected industrial environment. Data from our YIR report shows that this trend corresponds with a 3X rise in ICS-focused threats.

“The convergence of an increasingly ICS-aware and capable threat landscape with the trend towards more network connectivity means that the practical observations and lessons learned contained in our 2020 YIR report are timely as the community continues to work to provide safe and reliable operations.”

ICS threat landscape highlights

ICS threat activity continues to rise – both in terms of the number of distinct groups tracked and the industries and regions that they are targeting. Analysts identified four distinct new ICS Activity Groups primarily targeting energy and manufacturing, known as KAMACITE, STIBNITE, TALONITE, and VANADINITE.

The eleven previously identified Activity Groups were also observed expanding their targeting to new sectors and regions, as well as modifying their behaviors, with many seeking to exploit the tectonic shift to remote work to gain access to industrial networks.

ICS vulnerability highlights

Researchers analyzed 703 ICS/OT vulnerabilities in 2020, a 29 percent increase over 2019, demonstrating the rise in publicly known flaws in systems supporting industrial operations.

Analysis of these vulnerabilities and related advisories found that a slim minority could be classified as flaws that require immediate action, such as critical vulnerabilities that are perimeter-facing and network-exploitable.

Lessons learned from the front lines

Based on a growing set of data gathered from annual service engagements conducted by cybersecurity experts across multiple industries (electric, oil and gas, food and agriculture, manufacturing, chemical, transportation, water and wastewater, building automation equipment, mining, etc.), Dragos found that 90% of its services clients had little to no visibility into their ICS environments.

While most clients demonstrated a focus on an enhanced asset inventory, this effort is only the foundation for asset visibility. Many customers only monitored the IT to OT boundary without monitoring activity inside the ICS network.


Recommendations for improvement

As organizations strategize a path forward, five key OT cybersecurity initiatives should be implemented to improve in 2021 and beyond. These are based on the empirical evidence provided throughout the report.

The top 5 recommendations to enhance the security of an ICS environment are:

  • Increase OT network visibility
  • Identify & prioritize crown jewels
  • Boost incident response capabilities
  • Validate network segmentation
  • Secure credential management


