
Summary of Claroty’s State of XIoT Security Report: 1H 2022

The Claroty Team
/ September 21st, 2022

After decades of connecting assets and devices to the Internet, we’ve reached the point where our lives and livelihoods depend on links to digital components. Even our most basic needs, such as food, water, heat, and medical care, depend on the Extended Internet of Things (XIoT), an umbrella term for a wide range of cyber-physical systems, including operational technology (OT), industrial control systems (ICS), the Internet of Medical Things (IoMT), building management systems (BMS), and enterprise IoT.

Pervasive connectivity has driven productivity, sustainability, and innovation, which has been good for business, increasing competitive advantage, market share, and profitability. However, it has also given threat actors pathways into OT networks: the cyber-physical systems and the devices that underpin them are not always built or deployed securely, and some are exposed directly to the Internet.

The time has come to take a deep look at the XIoT vulnerability landscape so that decision makers in critical sectors can make more informed choices about how to strengthen OT security and build cyber and operational resilience. The new State of XIoT Security Report: 1H 2022 from Claroty’s Team82 reveals vulnerability disclosure trends, provides in-depth analysis, and recommends security measures in response to those trends. Following are the key takeaways from the report that every OT security decision maker should be aware of.

Claroty’s State of XIoT Security Report Highlights

IoT Devices

15% of the vulnerabilities disclosed in 1H 2022 were found in IoT devices, a significant increase from 9% in Team82’s last report, which covered the second half (2H) of 2021. Additionally, for the first time, the combination of IoT and IoMT vulnerabilities (18.2%) exceeded IT vulnerabilities (16.5%). This indicates that vendors and researchers increasingly understand the need to secure these connected devices, which can be a gateway to deeper network penetration.

Vendor Self-Disclosures

For the first time, vendor self-disclosures (29%) surpassed independent research outfits (19%) as the second most prolific source of vulnerability reports, after third-party security companies (45%). The 214 CVEs disclosed by vendors themselves almost double the 127 in Team82’s 2H 2021 report. This indicates that more OT, IoT, and IoMT vendors are establishing vulnerability disclosure programs and dedicating more resources to examining the security and safety of their products than ever before.

Software vs. Firmware Vulnerabilities

Published firmware vulnerabilities were nearly on par with software vulnerabilities (46% and 48% respectively), a large shift from the 2H 2021 report, when there was almost a 2:1 disparity between software (62%) and firmware (37%). The report also revealed a significant increase in fully or partially remediated firmware vulnerabilities (40% in 1H 2022, up from 21% in 2H 2021), which is notable given the relative difficulty of patching firmware, with its longer update cycles and infrequent maintenance windows. This indicates researchers’ growing interest in safeguarding devices at the lower levels of the Purdue Model, which are more directly connected to the physical process and are thus a more attractive target for attackers.

Vulnerability Volume and Criticality

XIoT vulnerabilities were published at an average rate of 125 per month, reaching a total of 747 in 1H 2022. Nearly two-thirds carry CVSS scores of critical (19%) or high (46%) severity.

Impact on System and Device Availability

Nearly three-quarters (71%) have a high impact on system and device availability, the impact metric most applicable to XIoT devices. The leading potential impact is unauthorized remote code or command execution (present in 54% of vulnerabilities), followed by denial-of-service conditions (crash, exit, or restart) at 43%.

Recommendations for Securing Cyber-Physical Systems

Despite the progress being made in releasing software patches and firmware updates, fixes aren’t always available, and OT engineers and security teams often can’t apply them quickly because doing so requires downtime. The report recommends the following mitigation strategies to strengthen OT security and build cyber and operational resilience:

Network Segmentation

Physical network segmentation between IT and OT networks reduces the chance of an attack on the IT network spreading to the OT network, but it can be a drawn-out and costly endeavor. A cost-effective, efficient alternative is the use of network protection policies to enable virtual segmentation within the OT environment, including microsegmentation for XIoT devices. Zero Trust programs are closely related and a fundamental best practice for operational resilience, providing strong controls over user and device access through least-privilege policies and strong authentication mechanisms.
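As an added example (not Claroty’s code and not taken from the report), the following Python script shows the mechanics behind virtual segmentation: Purdue-style zones with explicit conduits between them, and a per-device allow-list that microsegments a PLC even from hosts in its own zone. The zone names, subnets, ports, device addresses and sample connection attempts are all constructed for illustration.

```python
"""Added example (not Claroty's code): zone-and-conduit rules for virtual
IT/OT segmentation plus per-device microsegmentation.

Zone names, subnets, ports, device addresses and sample flows below are
constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Purdue-style zones (assumed layout): name -> (level, subnet)
ZONES = {
    "enterprise_it": (4, ipaddress.ip_network("10.40.0.0/16")),
    "idmz":          (3, ipaddress.ip_network("10.35.0.0/24")),  # remote-access broker
    "site_ops":      (2, ipaddress.ip_network("10.20.0.0/24")),  # HMI, SCADA servers
    "control":       (1, ipaddress.ip_network("10.10.0.0/24")),  # PLCs, RTUs
}

# Conduits: which zone may *initiate* connections to which, on which
# destination ports. Anything not listed is denied, so there is no
# direct enterprise_it -> control path.
CONDUITS = {
    ("enterprise_it", "idmz"): {443},          # browser to the broker
    ("idmz", "site_ops"):      {22, 3389},     # brokered admin sessions into OT
    ("site_ops", "control"):   {502, 44818},   # Modbus/TCP, EtherNet/IP
}

# Microsegmentation inside the control zone: a device only accepts the
# (source address, port) pairs listed for it, even from its own zone.
DEVICE_ALLOW = {
    "10.10.0.10": {("10.20.0.5", 502),        # HMI polls the PLC over Modbus
                   ("10.20.0.6", 44818)},     # engineering workstation only
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def zone_of(addr: str) -> Optional[str]:
    ip = ipaddress.ip_address(addr)
    for name, (_, net) in ZONES.items():
        if ip in net:
            return name
    return None

def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow"|"deny", reason) for a new connection attempt."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "deny", "address outside any defined zone"
    # The per-device allow-list is the tightest control, so it is checked
    # first and applies regardless of which zones are involved.
    if flow.dst in DEVICE_ALLOW and (flow.src, flow.dport) not in DEVICE_ALLOW[flow.dst]:
        return "deny", f"{flow.dst} does not accept {flow.dport}/tcp from {flow.src}"
    if src_zone == dst_zone:
        return "allow", f"intra-zone traffic in {src_zone}"
    allowed_ports = CONDUITS.get((src_zone, dst_zone))
    if allowed_ports is None:
        return "deny", f"no conduit from {src_zone} to {dst_zone}"
    if flow.dport not in allowed_ports:
        return "deny", f"port {flow.dport} not permitted on conduit {src_zone}->{dst_zone}"
    return "allow", f"conduit {src_zone}->{dst_zone} permits {flow.dport}/tcp"

# Constructed sample connection attempts, as a segmentation policy would see them.
SAMPLE_FLOWS = [
    Flow("10.40.1.23", "10.10.0.10", 502),    # corporate laptop straight to a PLC
    Flow("10.40.1.23", "10.35.0.2", 443),     # corporate laptop to the broker
    Flow("10.35.0.2", "10.20.0.6", 22),       # broker to engineering workstation
    Flow("10.20.0.5", "10.10.0.10", 502),     # HMI polling the PLC
    Flow("10.20.0.5", "10.10.0.10", 44818),   # HMI trying the engineering protocol
    Flow("10.20.0.7", "10.10.0.10", 502),     # unlisted host in the OT zone
    Flow("192.168.9.9", "10.10.0.10", 502),   # address outside the zone map
]

def decisions(flows=SAMPLE_FLOWS):
    """Verdict per flow, in order; handy for feeding a log or a test."""
    return [evaluate(f)[0] for f in flows]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        verdict, why = evaluate(f)
        print(f"{verdict:5} {f.src} -> {f.dst}:{f.dport}  ({why})")
```

Running it prints a verdict for each sample flow: the corporate laptop is denied a direct path to the PLC even though each hop through the broker is permitted, and the HMI is denied the engineering protocol even though it sits in the right zone. The same tables are what you would push into firewall or switch ACL rules in a real deployment.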

Secure Remote Access

Hand-in-hand with segmentation and Zero Trust is Secure Remote Access (SRA). Claroty SRA minimizes the risks of unauthorized OT remote access by enabling administrators to control access based on roles and policies, centrally manage user credentials, gain visibility into all remote connections and activities, terminate sessions, and review session recordings afterward for forensic purposes if needed.
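To make the remote-access controls described above concrete, here is an added example (not Claroty SRA, whose internals this page does not describe) of a minimal session broker in Python: it authorizes a session by the user’s role, the target asset, the protocol and a maintenance window, records every request and termination in an audit log, and lets an administrator cut an active session. The roles, users, assets and timestamps are assumptions made for the illustration.

```python
"""Added example (not Claroty SRA): a minimal remote-access broker that gates
OT sessions by role, asset, protocol and maintenance window, and records every
decision for later forensic review.

All roles, users, assets and timestamps below are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Optional

# Role policy (assumption): the assets and protocols a role may use, and when.
ROLE_POLICY = {
    "vendor_plc":    {"assets": {"plc-01"},
                      "protocols": {"ssh"},
                      "window": (time(8, 0), time(17, 0))},       # business hours only
    "site_engineer": {"assets": {"plc-01", "hmi-02"},
                      "protocols": {"ssh", "rdp"},
                      "window": (time(0, 0), time(23, 59, 59))},  # around the clock
}
# Identity source (assumption): central mapping of each user to one role.
USERS = {"alice@vendor.example": "vendor_plc",
         "bob@plant.example": "site_engineer"}

@dataclass
class Session:
    id: int
    user: str
    asset: str
    protocol: str
    started: datetime
    ended: Optional[datetime] = None
    end_reason: Optional[str] = None

@dataclass
class Broker:
    sessions: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)   # append-only record of decisions
    next_id: int = 1

    def _log(self, event: str, **fields):
        self.audit.append({"event": event, **fields})

    def authorize(self, user: str, asset: str, protocol: str, when: datetime):
        """Least-privilege check: deny unless every attribute is explicitly allowed."""
        role = USERS.get(user)
        if role is None:
            return False, "unknown user"
        policy = ROLE_POLICY[role]
        if asset not in policy["assets"]:
            return False, f"role {role} may not reach {asset}"
        if protocol not in policy["protocols"]:
            return False, f"{protocol} not permitted for role {role}"
        start, end = policy["window"]
        if not start <= when.time() <= end:
            return False, "outside maintenance window"
        return True, role

    def open_session(self, user, asset, protocol, when) -> Optional[int]:
        """Every request is logged, allowed or not, before a session is created."""
        allowed, detail = self.authorize(user, asset, protocol, when)
        self._log("session_request", user=user, asset=asset, protocol=protocol,
                  allowed=allowed, detail=detail, at=when.isoformat())
        if not allowed:
            return None
        sid, self.next_id = self.next_id, self.next_id + 1
        self.sessions[sid] = Session(sid, user, asset, protocol, when)
        return sid

    def terminate(self, sid: int, by: str, reason: str, when: datetime) -> bool:
        """An administrator kills a live session; the reason lands in the audit trail."""
        session = self.sessions.get(sid)
        if session is None or session.ended is not None:
            return False
        session.ended, session.end_reason = when, reason
        self._log("session_terminated", session=sid, by=by, reason=reason,
                  at=when.isoformat())
        return True

    def active(self):
        return [s for s in self.sessions.values() if s.ended is None]

def demo() -> Broker:
    """A scripted day at the plant (constructed timestamps)."""
    b = Broker()
    morning, night = datetime(2022, 9, 21, 10, 0), datetime(2022, 9, 21, 22, 0)
    b.open_session("alice@vendor.example", "plc-01", "ssh", morning)   # allowed, session 1
    b.open_session("alice@vendor.example", "plc-01", "rdp", morning)   # wrong protocol
    b.open_session("alice@vendor.example", "hmi-02", "ssh", morning)   # asset not in role
    b.open_session("alice@vendor.example", "plc-01", "ssh", night)     # outside window
    b.open_session("bob@plant.example", "hmi-02", "rdp", night)        # allowed, session 2
    b.open_session("mallory@example.net", "plc-01", "ssh", morning)    # unknown identity
    b.terminate(1, by="bob@plant.example", reason="unexpected write to PLC",
                when=datetime(2022, 9, 21, 10, 30))
    return b

if __name__ == "__main__":
    broker = demo()
    for entry in broker.audit:
        print(entry)
    print("still active:", [(s.id, s.user, s.asset) for s in broker.active()])
```

The design point is that the broker, not the endpoint, is the only thing that knows the OT credentials, so the vendor never holds them; the audit list is the raw material a recording or SIEM integration would build on.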

Manage Risk from the Cloud

XIoT devices and systems are typically connected to the Internet and managed from the cloud. However, vulnerabilities in cloud-managed devices and in cloud-hosted management consoles often escape the attention of asset owners and security teams. Claroty xDome allows you to verify the cloud support protocols of XIoT devices so you can use security mechanisms such as encryption and certificates to help protect the exchange of data, while authentication and identity management mechanisms and access control policies help prevent unauthorized access to devices and systems.
