Water & Wastewater Asia January/February 2021

More documents

Recommendations

Info

32 FOCUS Remotely exploitable ICS vulnerabilities on rise in the age of COVID-19 New report from Claroty researchers finds latest ICS vulnerabilities most prevalent in energy, critical manufacturing, and water & wastewater sectors of critical infrastructure More than 70% of industrial control system (ICS) vulnerabilities disclosed in the first half (1H) of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections. This is according to the inaugural Biannual ICS Risk & Vulnerability Report, released by Claroty, the global leader in operational technology (OT) security. The report comprises The Claroty Research Team’s assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during 1H 2020, affecting 53 vendors. The Claroty Research Team discovered 26 of the vulnerabilities included in this data set. Compared to 1H 2019, ICS vulnerabilities published by the NVD increased by 10.3% from 331, while ICS-CERT advisories increased by 32.4% from 105. More than 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System (CVSS) scores. important it is for organisations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam, and ransomware, in order to minimise and mitigate the potential impacts of these threats.” PROMINENCE OF RCE VULNERABILITIES HIGHLIGHTS NEED TO PROTECT INTERNET- FACING ICS DEVICES According to the report, more than 70% of the vulnerabilities published by the NVD can be exploited remotely, reinforcing the fact that fully air-gapped ICS networks that are isolated from cyber threats have become vastly uncommon. Additionally, the most common potential impact was remote code execution (RCE), possible with 49% of vulnerabilities – reflecting its prominence as the leading area of focus within the OT security research community – followed by the ability to read application data (41%), cause denial of service (DoS) (39%), and bypass protection mechanisms (37%). The prominence of remote exploitation has been exacerbated by the rapid global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic. VULNERABILITIES IN ENERGY, CRITICAL MANUFACTURING, AND WATER & WASTEWATER SECTORS ON THE RISE The energy, critical manufacturing, and water & wastewater infrastructure sectors were by far the most impacted by vulnerabilities published in ICS-CERT advisories during 1H 2020. Of the 385 unique Common Vulnerabilities and Exposures (CVEs) included in the advisories, energy had 236, critical manufacturing had 197, and water & “There is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible,” said Amir Preminger, VP of Research at Claroty. “We recognised the critical need to understand, evaluate, and report on the comprehensive ICS risk and vulnerability landscape to benefit the entire OT security community. Our findings show how Breakdown of infrastructure sectors affected by vulnerabilities included in ICS-CERT advisories during 1H 2020, of which 171 are from the water and wastewater industry January / February 2021 • waterwastewaterasia.com
FOCUS 33 Most prevalent potential impacts of ICS vulnerabilities published by the NVD during 1H 2020 wastewater had 171. Compared to 1H 2019, water & wastewater experienced the largest increase of CVEs (122.1%), while critical manufacturing increased by 87.3% and energy by 58.9%. ASSESSMENT OF ICS VULNERABILITIES DISCOVERED BY CLAROTY The Claroty Research Team discovered 26 ICS vulnerabilities disclosed during 1H 2020, prioritising critical or high-risk vulnerabilities that could affect the availability, reliability, and safety of industrial operations. The team focused on ICS vendors and products with vast install bases, integral roles in industrial operations, and those that utilise protocols in which Claroty researchers have considerable expertise. These 26 vulnerabilities could have serious impacts on affected OT networks, because more than 60% enable some form of RCE. For many of the vendors affected by Claroty’s discoveries, this was their first reported vulnerability. As a result, they proceeded to create dedicated security teams and processes to address the rising vulnerability detections due to the convergence of IT and OT. The Claroty Research Team is an awardwinning group of OT security researchers known widely for its development of proprietary OT threat signatures, OT protocol analysis, and discovery and disclosure of ICS vulnerabilities. Fiercely committed to strengthening OT security and equipped with the industry’s most extensive ICS testing lab, the team works closely with leading industrial automation vendors to evaluate the security of their products. To date, the team has discovered and disclosed more than 40 ICS vulnerabilities, working closely with dozens of vendors to remediate all reported issues. Breakdown of Claroty-discovered vulnerabilities by affected product type January / February 2021 • waterwastewaterasia.com
Page 1 and 2: JANUARY / FEBRUARY 2021 www.waterwa
Page 3 and 4: January / February 2021 • waterwa
Page 5 and 6: CONTENTS 3 37 45 FOCUS 25 Unlocking
Page 7 and 8: THE NEWS 5 and increasing demand fo
Page 9 and 10: New Alfa Laval CM wireless conditio
Page 11 and 12: THE NEWS 9 Advanced water purificat
Page 13 and 14: THE NEWS 11 The local Masjid river
Page 15 and 16: THE NEWS 13 The Floodgate can be in
Page 17 and 18: 5 MINS WITH 15 DIGITAL TWINS: Bette
Page 19 and 20: 5 MINS WITH 17 Har Ghar Jal: Water
Page 21 and 22: IN THE FIELD 19 Mitigating capital
Page 23 and 24: IN THE FIELD 21 1.2 Organism Relati
Page 25 and 26: IN THE FIELD 23 Mr James U Thant Zi
Page 27 and 28: FOCUS 25 Photo by J K on Unsplash U
Page 29 and 30: FOCUS 27 Growing industrial busines
Page 31 and 32: FOCUS 29 Leaky pipes a thing of the
Page 33: FOCUS 31 learning curve has shorten
Page 37 and 38: VIEWPOINT 35 URBAN FORESTS ASSIST S
Page 39 and 40: VIEWPOINT 37 What’s next for citi
Page 41 and 42: VIEWPOINT 39 Increased vigilance in
Page 43 and 44: VIEWPOINT 41 The time corresponds t
Page 45 and 46: VIEWPOINT 43 Top five consideration
Page 47 and 48: VIEWPOINT 45 Sustainability in the
Page 49 and 50: HOTSEAT 47 VIEWPOINT 47 A matter of
Page 51 and 52: SWA/SgWX Water Utilities Series: Th
Page 53 and 54: SWA & Fluence Joint Webinar: Delive
Page 55 and 56: ON OUR RADAR 53 with IZAR radio mod
Page 57 and 58: ON OUR RADAR 55 even in harsh condi
Page 59 and 60: ON OUR RADAR 57 The lifting screw i
Page 61 and 62: ON OUR RADAR 59 Technical innovatio
Page 63 and 64: RECAP 61 To support business exchan
Page 65 and 66: EVENT CALENDAR 63 EVENTS 2021 JANUA
Page 68: For hydraulic mixing without headac

Water & Wastewater Asia January/February 2021

Create successful ePaper yourself

Delete template?

Save as template?