Top operational technology (OT) and industrial control systems (ICS) devices that cyber threaten the manufacturing, utilities and transportation industries are engineering workstations, SCADA servers, automation servers, historians and programmable logic controllers (PLCs), according to Armis’ newly released research.
An analysis by Armis’s Asset Intelligence and Security Platform, which tracks more than three billion assets, found that engineering workstations are the OT device that received the most cyberattack attempts in the industry in the past two months, followed by SCADA servers.
A Closer Look at Armis' Research
Here's what Armis, an asset visibility and security provider, found:
- Engineering workstations: Roughly 56% have at least one unpatched critical severity common vulnerabilities and exposures (CVEs). Some 16% are susceptible to at least one weaponized CVE published more than 18 months ago.
- Uninterruptible Power Supplies (UPS): Data showed that 60% of UPS devices have at least one unpatched critical severity CVE.
- Programmable Logic Controllers (PLCs): 41% have at least one unpatched critical severity CVE.
Armis found devices that also threaten manufacturing, transportation and utilities environments have at least one weaponized CVE published before January 2022. This includes 85% of barcode readers, 32% of industrial managed switches, 28% of IP cameras and 10% of printers.
It’s not unusual to have multiple vulnerable devices in an ICS setting, said Nadir Izrael, Armis chief technology officer and co-founder. As Izrael explained:
“In an ICS environment it's pretty common to have vulnerable devices, so professionals need to see what assets are on their network and additional intelligence on what those devices are actually doing. Contextual data will enable teams to define what risk each device poses to the OT environment so that they can prioritize remediation of critical and/or weaponized vulnerabilities to quickly reduce the attack surface.”
Imperative for OT and IT Team Collaboration
There is a need for collaboration between OT and IT teams, Armis said. For example, four out of the five riskiest devices run Windows, an indication that understanding asset risk and securing vulnerable assets is still a challenge for IT and OT teams.
In elaborating on the inter-relationship between OT and IT, Izrael said:
“From an organizational perspective, having a risk-based approach to vulnerability management must go hand in hand with OT and IT departments working together to help coordinate mitigation efforts. Cross-departmental projects will help streamline process and resource management and achieve greater compliance and data security. Overall, to navigate the challenges of the new industrial era, security professionals need an IT/OT convergence security solution that shields all assets connected to the network.”