OT:ICEFALL Vulnerabilities Underscore the Importance of Compensating Controls

June 24th, 2022

The recent disclosure of 56 vulnerabilities affecting thousands of operational technology (OT) devices from ten major vendors — collectively known as OT:ICEFALL — serves as a potent reminder not only of the risks exacerbated by digital transformation, but also of the escalating challenges facing security practitioners and asset owners. Nonetheless, the notion that these vulnerabilities indicate a lack of progress in OT security over the past decade is misleading.

Rather, the report's finding that many OT devices remain inherently vulnerable or "insecure by design" — despite, in many cases, certifications or other indicators implying the opposite — reinforces why maintaining an up-to-date asset inventory, zero-trust architecture (particularly with respect to segmentation and access controls), continuous monitoring, and effective governance are so crucial. Indeed, such measures are core to the OT:ICEFALL mitigations recommended by the affected vendors as of this writing.

Growing Interest in ICS Vulnerability Research

According to Claroty's Biannual ICS Risk & Vulnerability Report: 2H 2021, the total number of ICS vulnerabilities disclosed annually increased by 110% in just three years, from 683 in 2018 to 1,439 in 2021. During the same period, the number of vulnerability disclosures published by ICS vendors' internal research teams increased 76% from 128 to 226.

Vulnerabilities exist regardless of whether they are discovered by researchers or exploited by adversaries. The rise in ICS vulnerability disclosures and CVE assignments does not necessarily reflect a worsening or stagnation of efforts to enhance the security of OT devices. Rather, these growing numbers closely correlate with increased interest in — and awareness of the critical importance of — strengthening ICS security among both researchers and vendors.

The Critical Importance of Compensating Controls

Prioritization is key to effective vulnerability management in any context, and this is especially true when it comes to OT. Patching industrial devices often comes with the hefty opportunity cost of downtime and other challenges associated with implementing security upgrades across complex environments in which 24/7 uptime and infrequent maintenance windows are the norm.

Another prevalent barrier to applying patches in OT is the fact that the patches themselves may not always be readily or immediately available. This is the current situation with OT:ICEFALL because these particular vulnerabilities are inherent to the firmware and/or protocols of the affected devices.

These and other scenarios in which applying patches in a timely manner — if at all — simply isn't feasible are where compensating controls come in. Proactively implementing (and, as needed, reactively tuning) risk-informed policies in accordance with a zero-trust architecture helps greatly reduce the likelihood and mitigate the risks posed by the exploitation of all manner of known and unknown vulnerabilities in an OT environment.

How Claroty Can Help

At Claroty, we understand that there's no all-in-one fix for the ever-present risk posed by vulnerabilities within your OT environment. That's why our best-in-class platform delivers purpose-built capabilities for identifying security flaws, assessing the risk they pose to your organization, informing mitigations, and implementing compensating controls. These capabilities include, but are not limited to:

  • Unmatched Asset Visibility

    You can't protect what you can't see, so the first step in securing your ICS environment is to establish granular, real-time visibility into all your assets. Achieving a comprehensive asset inventory requires purpose-built tools capable of overcoming ICS-specific challenges, such as a lack of standardized technology and the use of proprietary protocols.

  • Risk Scoring and Attack Vector Mapping

    Just because a vulnerability with a critical CVSS severity score is present in your environment, that doesn't necessarily mean it is accessible or exploitable by (much less of strategic value to) adversaries. Claroty's granular Risk Scoring and Attack Vector Mapping capabilities identify your most at-risk assets by continuously assessing their behavior, location, vulnerabilities, and other details while simulating the various means through which an attack could be carried out. Armed with this information, you're better equipped to focus your prioritization, remediation, and mitigation efforts on the real risk posed to your unique environment.

  • Virtual Zones

    Proper ICS network segmentation can make all the difference when it comes to preventing an adversary from moving laterally across a network following initial exploitation. However, physically segmenting cyber-physical systems and other network assets is often a lengthy, costly, and disruptive process. Claroty Virtual Zones bypass these challenges by digitally segmenting ICS networks based on which assets communicate regularly. Users can then create granular rules and policies for each Virtual Zone in alignment with Zero Trust principles.
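The two ideas above, scoring a flaw by whether it is actually reachable rather than by CVSS alone, and deriving zone policy from which assets normally talk to each other, can be sketched in a few lines. The following is an added illustration written for this post, not Claroty's product code; the asset inventory, CVSS values, flow records and the 0.2 exposure discount are all constructed for the example.

```python
from collections import defaultdict, deque

# Constructed inventory: asset -> (virtual zone, highest CVSS among its unpatched flaws)
ASSETS = {
    "eng-ws": ("it",     4.3),
    "hmi-1":  ("cell-a", 7.5),
    "plc-a1": ("cell-a", 9.8),  # insecure-by-design flaw, no patch available
    "plc-b1": ("cell-b", 9.8),  # same flaw, but only reachable from its own zone
    "hist-1": ("cell-b", 5.0),
}

# Constructed allow-list of regular communication (src, dst); anything else is blocked
ALLOWED_FLOWS = [("eng-ws", "hmi-1"), ("hmi-1", "plc-a1"), ("hist-1", "plc-b1")]

def reachable(start, flows):
    """Assets an intruder on `start` could reach over permitted flows (BFS)."""
    adj = defaultdict(set)
    for src, dst in flows:
        adj[src].add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen - {start}

def contextual_risk(asset, entry, flows, discount=0.2):
    """CVSS scaled by reachability from `entry`: unreachable assets keep a residual score."""
    cvss = ASSETS[asset][1]
    exposed = asset in reachable(entry, flows)
    return round(cvss * (1.0 if exposed else discount), 1)

def prioritize(entry="eng-ws", flows=ALLOWED_FLOWS):
    """Rank assets by contextual risk; returns (asset, raw CVSS, contextual score)."""
    ranked = sorted(ASSETS, key=lambda a: contextual_risk(a, entry, flows), reverse=True)
    return [(a, ASSETS[a][1], contextual_risk(a, entry, flows)) for a in ranked if a != entry]

def cross_zone_violations(observed, allowed=ALLOWED_FLOWS):
    """Observed flows that cross a zone boundary without a permitting policy: alert on these."""
    return [f for f in observed if f not in allowed and ASSETS[f[0]][0] != ASSETS[f[1]][0]]

if __name__ == "__main__":
    for row in prioritize():
        print(row)
    print(cross_zone_violations([("eng-ws", "plc-b1"), ("hist-1", "plc-b1")]))
```

Note that plc-a1 and plc-b1 carry the same 9.8 flaw, yet only the one reachable from the engineering workstation tops the list; the moment a policy opens a path to plc-b1, its contextual score climbs to match.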

To learn more about Claroty's industry-leading ICS research, download our latest Biannual ICS Risk & Vulnerability Report.
