CHANDLER, Ariz., Aug. 2, 2023/PRNewswire/– SynSaber, a company specializing in industrial asset and network monitoring, has partnered with the ICS Advisory Project to release their bi-annual ICS Vulnerabilities report. This report examines the Common Vulnerabilities and Exposures (CVEs) reported through CISA ICS Advisories in the first half of 2023, providing insights and highlighting significant trends within the industry. The report also compares these findings to previous years, offering a comprehensive overview of the state of vulnerabilities and their impact on critical infrastructure.
With the increased regulation of critical infrastructure and the Industrial Control Systems (ICS) that support them, there is a growing emphasis on cybersecurity and operations maturity. As a result, vulnerability management has become increasingly important. The targeting and exploitation of vulnerabilities within U.S. critical infrastructure have become more common, necessitating a deeper understanding of the entities reporting these vulnerabilities, the sectors most affected, and the severity of the identified vulnerabilities.
Jori VanAntwerp, Co-Founder and CEO of SynSaber, highlighted the importance of understanding the unique nature of each OT environment and the need for asset owners to prioritize vulnerability mitigation based on their specific circumstances. VanAntwerp stated, “One thing is certain: the number of CVEs reported is likely to continue increasing over time or at least remain steady. It is our hope that this research helps asset owners prioritize when and how to mitigate vulnerabilities in accordance with their own environment.”
The key findings from the report include:
1. 34% of the CVEs reported in the first half of 2023 do not have a patch or remediation available from the vendor. While this percentage is comparable to the second half of 2022, it represents a significant increase from the 13% recorded in the first half of 2022.
2. The total number of CISA ICS Advisories has experienced a 9.8% decrease when compared to the first half of 2022.
3. Likewise, the total number of CVEs reported via CISA ICS Advisories has decreased slightly, at a rate of 1.6% as compared to the first half of 2022.
4. Manufacturing and Energy were the two critical infrastructure sectors most likely to be impacted by the CVEs reported in the first half of 2023, accounting for 37.3% and 24.3% of the reported vulnerabilities, respectively.
Dan Ricci, Founder of the ICS Advisory Project, expressed his excitement about the research collaboration with SynSaber. Ricci emphasized the importance of educating companies on vulnerabilities and emerging trends to better defend critical infrastructure. “Educating and helping companies mitigate vulnerabilities as new trends and findings emerge over time is an ongoing challenge, but as a community, we must come together to better prepare and defend our world’s critical infrastructure,” said Ricci.
The report can be downloaded from SynSaber’s website for those interested in a deeper understanding of the vulnerabilities identified in the first half of 2023. Additionally, SynSaber’s CEO, Jori VanAntwerp, will be available for discussions about the CVE report and other OT-related topics at the upcoming Black Hat conference.
About SynSaber:
SynSaber is a powerful industrial asset and network monitoring solution designed to provide continuous insight into the status, vulnerabilities, and threats across every point in the industrial ecosystem. By empowering operators to observe, detect, and defend OT/IT systems, SynSaber aims to protect critical infrastructure. The company is privately held and has received funding from SYN Ventures, Rally Ventures, and Cyber Mentor Fund.
About The ICS Advisory Project:
The ICS Advisory Project is an open-source analysis tool that assists OT asset owners, CISOs, cybersecurity analysts, and researchers in identifying threats and vulnerabilities within critical infrastructure. The project’s interactive dashboards provide crucial insights based on research, analysis, and data enrichment carried out using various sources such as CISA ICS Advisories, CVEs, MITRE ATT&CK, and other threat/vulnerability data. The full ICS[AP] dataset is available on GitHub for public access.
Source: SynSaber