Skip to main content

Industrial systems plagued with security vulnerabilities

security
(Image credit: Shutterstock / Song_about_summer)

The number of vulnerabilities disclosed in industrial control systems (ICS) this year increased by 41 percent, compared to 2020. Many of these vulnerabilities were deemed either “critical” or “high risk”, and with ransomware growing more popular and more devastating by the day, this could spell trouble for many critical infrastructure operators.

These are the conclusions of a new report, recently published by Team82, a cybersecurity research team with industrial security firm Claroty.

The paper claims there 637 ICS vulnerabilities were disclosed in the first half of 2021, a 41 percent jump. Between 2019 and 2020, the increase was 25 percent, meaning the number of disclosed vulnerabilities is rising fast.

Operations management, supervisory control and basic control were the three most vulnerable levels of operation. 

Of the 637 vulnerabilities reported in H1, almost three-quarters (71 percent) were labelled “high risk” or “critical”. Two-thirds (65 percent) could result in total loss of availability and prevent access to key resources. A quarter (26 percent) can only partially be addressed, while in some cases no fix is available.

The worst part, Team82 claims, is that one doesn’t have to be a hacker supreme to take advantage of these vulnerabilities. Almost all of them (90 percent) have a low attack complexity, while 74 percent don’t even require any specific privileges to be exploited.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.