Dragos has produced an extensive report that provides a comprehensive analysis of the current state of cybersecurity in the industrial control systems (ICS) and operational technology (OT) sectors. The report is based on data collected from various sources, including Dragos’ own threat intelligence platform, and provides valuable insights into the latest threats, trends, and best practices in ICS/OT cybersecurity.
One of the key takeaways from the report is the increasing sophistication of cyber-attacks targeting ICS/OT systems, including CHERNOVITE's PIPEDREAM. The report highlights the growing use of advanced persistent threats (APTs) and ransomware attacks, which are becoming more targeted and customized to exploit specific vulnerabilities in ICS/OT environments. In fact, ransomware attacks on industrial infrastructure organizations nearly doubled in 2022. These threats have the capability to impact devices that control critical infrastructure: devices that manage the electrical grid, oil and gas pipelines, water systems, and manufacturing plants. For industrial operators this is a supply chain risk, as the methods target key vendor systems. PIPEDREAM is the first reusable cross-industry capability that impacts native functionality in industrial protocols and a wide variety of devices. Dragos and its third-party partners discovered and analyzed its capabilities before it was employed.
In response, the report emphasizes the importance of implementing robust security measures, such as network segmentation, access controls, and incident response plans, to mitigate the risk of cyber-attacks.
The Dragos ICS/OT Cybersecurity Review 2022 is an essential resource for anyone involved in securing ICS/OT systems. The report provides a wealth of information on the latest threats and trends in the field, and offers practical advice on how to improve cybersecurity posture. With cyber-attacks on ICS/OT systems becoming increasingly frequent and sophisticated, it is more important than ever to stay informed and take proactive steps to protect critical infrastructure.