TMCnet News
SynSaber Releases ICS CVE Retrospective: 3 Years of CISA AdvisoriesICS/OT Cybersecurity Firm Notes 144% Rise in CVEs Reported as ICS Advisories CHANDLER, Ariz., Feb. 9, 2023 /PRNewswire/ -- SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring company, announced today the release of the company's first Industrial Control Systems (ICS) CVE Retrospective: 3 Years of CISA Advisories, which provides insights and analysis of CISA issued CVEs over the past three years. The number of CVEs reported via ICS Advisories has increased each year. The ever-growing volume of vulnerabilities highlights continued efforts to secure the ICS systems critical to our nation's energy, manufacturing, water, and transportation infrastructure. But the growing focus and regulation come with additional administrative requirements for an already overstretched ICS wrkforce. Operators in critical infrastructure are being asked to analyze, mitigate, and report on new and existing vulnerabilities. "The number of ICS vulnerabilities reported are growing at an exponential rate, creating more alert fatigue and potential apathy within the ICS/OT ecosystem," said Jori VanAntwerp, SynSaber Co-Founder and CEO. "This report highlights the great work being done by manufacturers, CISA, researchers, and vendors to disclose vulnerabilities, while recognizing the need for more context around these CVEs to determine what should be patched and remediated to protect our national security and infrastructure." Key Findings:
"It's key to remember that one does not simply patch ICS. In addition to operational barriers to entry, there are a number of practical challenges to updating industrial systems. ICS has not only software components to update but also device firmware and architectural challenges that may involve updating whole protocols," said Ron Fabela, SynSaber Co-Founder and CTO. "Each has a level of risk that should be considered when prioritizing activities. For example, upgrading device firmware may come with a significant risk of 'bricking' the system, which could be hard to recover." SynSaber will provide copies of the report to attendees at the S4x23 ICS Security Conference next week in Miami, Fl., https://synsaber.com/news-and-events/s4x23-ics-security-conference/ For more information on the report, please visit: https://synsaber.com/resources/industrial-cve-retrospective-2020-2021-2022 About SynSaber:
SOURCE SynSaber ![]() |