There is no question that safety, reliability, and profitability within power and other critical infrastructure facilities face a growing, worldwide threat from cyber attacks. Outlaws are bent on cutting power companies’ cyber versions of barbed wire, or the Devil’s Rope. Unfortunately, many ICS asset owners lack an accurate understanding of their true risk – particularly from industrial control system vulnerabilities.
Exploitation of vulnerabilities in industrial networks can lead to significant consequences. Level 1 and 0 ICS vulnerabilities exist in organizations today, but they are difficult to identify and remediate using current methods. This leads organizations to focus on Level 2 vulnerabilities instead. However, Level 1 and 0 vulnerabilities are what matter most in industrial environments as they have the greatest influence on production and safety. Automating discovery and elimination of these vulnerabilities should be a top priority for ICS cybersecurity teams and one of the best defenses in a fence cutter war with no end in sight.
This paper examines:
- How the Devil’s Rope of today has left our industrial plants vulnerable
- What are the current ICS vulnerability management challenges
- Why taking a production-centric approach is a better way to manage ICS vulnerabilities