In a report released Wednesday, IoT/OT (Internet of Things/Operational Technology) vulnerabilities were surveyed based on data gathered in the first half (1H) of 2021 by Claron. The team was careful to point out that 69.7% of the time the integrity of information was not affected by successful exploitation. According to the report, “Remediation is available for 74.4% of the vulnerabilities however, of the 637 ICS vulnerabilities disclosed in the 1H 2021, 25.59% have either no available fix, or a partial remediation and 13.5% have no remediation available to date.”
ICS security has been gaining more attention with the pipeline, food source, and water utility attacks of 2021. 80% of the vulnerabilities reported in this study came from sources such as independent researchers, academics, and third-party companies. While this is encouraging, it is important to take basic steps to secure ICS devices as a first line of defense while researchers work to discover and remediate the hardware and software vulnerabilities. The United States CISA offers resources enterprises may use to ensure minimal compliance and protection when securing ICS. Network segmentation and zone-specific policies top the list of the most effective mitigation steps. Survey access control lists and password policies for all devices regularly. Secure remote access, ensuring VPN software is patched.