See All Nexus 2024 Sessions
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts
nexus_ricci-reflection.jpg
Operational Technology
Cyber Resilience
Operational Resilience
Vulnerability Management

Nexus Reflections and Predictions: Dan Ricci

Dan Ricci
/
Dec 23, 2024

As we wind down 2024, some of our Nexus contributors have looked back on the challenges and wins the cybersecurity industry has achieved, and provided their take on what lies ahead next year within their industries and specialty areas. Today, Dan Ricci, founder of the popular ICS Advisory Project and noted critical infrastructure cybersecurity expert, identifies vulnerability key trends that emerged this year, and what we can anticipate for 2025. 

2024: A Year of Persistent Threats

2024 has undeniably been a challenging year for industrial control systems (ICS) cybersecurity. The increased stream of CISA ICS Advisories underscores the persistent threat landscape, with vulnerabilities targeting critical infrastructure across various sectors. As you can see below, through early December, there have been close to 1,000 CISA ICS advisories, affecting more than 200 vendors. This is a wide cut of the industry, affecting many of the biggest automation vendors, below. 

A snapshot of CISA ICS advisories for 2024

Key Vulnerability Trends in 2024

  • Persistent Vulnerabilities: Classic vulnerabilities such as improper input validation (CWE-20), and out-of-bounds reads/writes (CWE-125, CWE-787) continue to plague ICS systems such as Siemens and Rockwell Automation products and Fuji Electric. This may suggest that fundamental principles of security by design are overlooked in the software development cycle.

Common Weaknesses and Enumerations for 2024 affecting vendors and products.

  • Third-Party Component Risks: Vulnerabilities in third-party components, such as libraries and frameworks, have exposed ICS systems to significant risks.

Known Exploited Vulnerabilities from the ICS Advisory Project.

  • Ransomware Threat: Ransomware attacks targeting third-party software common to IT products that are used in ICS products such as Windows operating systems that support engineering workstations and SCADA software. This has become more significant in 2024 with five ICS products affected by Linux, Fortinet, and Palo Alto operating systems. The potential for attackers exploiting these vulnerabilities to disrupt operations has increased by affecting adjacent network IT systems.

A dashboard snapshot of the CISA KEV catalog from the ICS Advisory Project.

  • Supply Chain Attacks: The supply chain remains a weak link, as malicious actors can compromise software or hardware components before they reach end-users.

Predictions for 2025

Based on the trends observed in 2024, we can anticipate the following in 2025:

  • Evolving Threat Landscape: Attackers will continue to refine their techniques, targeting specific vulnerabilities and exploiting zero-day exploits.

  • Increased Focus on IoT and OT Convergence: As IoT devices become more integrated into ICS environments, new attack vectors will emerge.

  • Supply Chain Attacks: Supply chain attacks will remain a significant threat as attackers seek to compromise software and hardware components.

  • Ransomware Persistence: Ransomware will continue to be a major threat, with attackers targeting critical infrastructure for maximum impact.

Enhancing Vulnerability and Patch Management for 2025

To mitigate these risks, organizations should implement the following strategies:

  1. Proactive Patch Management:

    • Regular Patching: Establish a patch management process to address vulnerabilities as needed and necessary for critical infrastructure promptly without compromising operational availability.

    • Prioritize Critical Patches: Prioritize patches for high-severity vulnerabilities that pose immediate risks.

    • Test Patches Thoroughly: Test patches in controlled environments to minimize the risk of unintended consequences.

    • Implement Workarounds: Patching may not be possible or necessary, but compensating control provides adequate mitigation to vulnerabilities without compromising critical infrastructure's operational availability and safety.

  2. Network Segmentation:

    • Isolate Critical Systems: Segment networks to limit the impact of a breach.

    • Implement Access Controls: Restrict access to critical systems and devices.

  3. Strong Access Controls:

    • Password Policies: Enforce strong password policies, including multi-factor authentication.

    • User Privileges: Limit user privileges to the minimum necessary.

  4. Security Awareness Training:

    • Regular Training: Provide regular security awareness training to employees to reduce human error.

  5. Incident Response Planning:

    • Develop Incident Response Plans: Create detailed incident response plans to guide actions in case of security breach.

    • Regular Testing: Test incident response plans regularly to ensure their effectiveness.

  6. Threat Intelligence:

    • Stay Informed: Monitor threat intelligence feeds and security advisories to stay informed about emerging threats.

    • Proactive Defense: Use threat intelligence to identify and mitigate potential risks proactively.

By adopting these strategic measures, organizations can greatly strengthen their security framework and effectively shield critical infrastructure from the looming threat of cyberattacks. Taking action now is essential for a safer future!

Operational Technology
Cyber Resilience
Operational Resilience
Vulnerability Management
Dan Ricci
Founder, ICS Advisory Project

Dan Ricci is founder of the ICS Advisory Project, an open-source project to provide DHS CISA ICS Advisories data visualized as a dashboard to support vulnerability analysis for the OT/ICS community. He retired from the U.S. Navy after serving 21 years in the information warfare community.

Stay in the know Get the Nexus Connect Newsletter
Share
LinkedIn Twitter Facebook Email
Featured Articles
Considerations for Medical Device Vulnerability Remediation Technical Debt in OT Environments: How It's Different and Why it Matters The Purdue Model's Risky Blindspot
Featured Videos
Browse by Topics
Cyber Resilience Cybersecurity Insurance Federal Food & Beverage Healthcare Industrial Internet of Things Nexus Conference Operational Resilience Operational Technology Ransomware Risk Management Technical Debt Vulnerability Management Zero Trust
You might also like… Read more
nexus_rogers-reflection.jpg
Cyber Resilience
Operational Resilience
Risk Management
Vulnerability Management

Nexus Reflections and Predictions: Adm. Michael Rogers

ADM. Michael S. Rogers, USN (Ret.)
nexus_ballentine-reflection.jpg
Cyber Resilience
Operational Technology
Operational Resilience
Vulnerability Management

Nexus Reflections and Predictions: John Ballentine

John Ballentine
nexus_goodwin-reflection.jpg
Risk Management
Cyber Resilience

Nexus Reflections and Predictions: Cristin Flynn Goodwin

Cristin Flynn Goodwin
nexus_navigate-sbom-stds.jpg
Cyber Resilience
Vulnerability Management

SPDX, CycloneDX, or SWID: Navigating the SBOM Standard Landscape

George V. Hulme
Risk managers—especially C-suite and boards of directors—looking to establish a culture of OT cyber awareness and risk remediation proactivity in their organizations need to establish a formal and measurable program approach. The program must provide a shared vision and a practical roadmap that makes sense because it relates to many of the unique characteristics of their organization, OT environment, business model, and risk appetite.
Industrial
Risk Management

Lessons Learned from Creating an OT Cybersecurity Program in a Large, Slow-Moving Government Agency

John Ballentine
An OIG report critical of the water and wastewater industry's cybersecurity practices and posture illuminates endemic security issues within this critical infrastructure sector, from unpatched vulnerabilities to a lack of sharing of incident data.
Cyber Resilience
Industrial
Vulnerability Management
Risk Management

Water, Wastewater Cybersecurity Still Has Long Way to Go

George V. Hulme
ASL Roma 1's implementation of an advanced security operation center called HyperSOC allows it to convert its cybersecurity approach from reactive to proactive, ensuring effective management of cyber threats. The adoption of this safeguard has led to a significant reduction in security incidents, despite the growing number of attacks at national and European level, because of the continuous monitoring of the attack surface of the infrastructure, which guarantees a higher level of security than other peers in the sector.
Healthcare
Cyber Resilience
Risk Management

ASL Roma 1 HyperSOC Approach Secures Patient Safety, Operational Efficiency

Stefano Scaramuzzino
Fabio Battelli
In an increasingly interconnected and constantly evolving healthcare environment, there are numerous cybersecurity challenges that hospitals must face to guarantee patients high-quality health services, avoid interruptions in supply, optimize the use of devices, and effectively manage cyber risks. These challenges require the use of cutting-edge technologies and real-time availability of diverse data and information.
Healthcare
Risk Management
Cyber Resilience

A Predictive, Proactive Approach to the Governance of Medical Devices

Stefano Scaramuzzino
Fabio Battelli
Enterprise CISOs must consider disinformation and misinformation campaigns targeting their companies and industries as part of their threat model. Organizations must also develop disinformation response plans, similar to incident response actions.
Operational Resilience
Cyber Resilience
Risk Management

CISOs Urged to Prepare for Evolving Disinformation Tactics

George V. Hulme
Securing connectivity in operational technology (OT) environments is crucial for the safety of critical infrastructure and maintaining the uninterrupted service it provides. Leaving unnecessary open ports, protocols, and services exposed, along with directly connected devices to the internet, such as programmable logic controllers (PLCs) and human machine interfaces (HMIs), greatly increases the risks of cyberattacks.
Industrial
Operational Technology
Risk Management

Explaining the Importance of Secure Connectivity in OT

Dan Ricci
nexus_secure-by-design-labonty.jpg
Operational Technology
Cyber Resilience

Secure by Design in Manufacturing is Not an Empty Concept

Jim LaBonty
The HHS Office for Civil Rights proposes substantial rule changes to the long-standing Health Insurance Portability and Accountability Act (HIPAA) Security Rule. While details on the proposed rule changes remain unclear, HHS plans to issue a Notice of Proposed Rulemaking (NPRM) by the end of the year. These changes are believed to be the most substantial changes since the HIPAA Security rule went into effect in 2003
Healthcare
Ransomware

Significant Changes to HIPAA Security Rule on the Way

George V. Hulme
Latest on Nexus Podcast
See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
noam-moshe-headshot.jpeg
Internet of Things
Operational Technology

Nexus Podcast: Noam Moshe on the IOCONTROL Malware
Team82’s Noam Moshe discusses state actor targeting of OT, why it’s so challenging to develop ransomware for OT and industrial control systems, and the mitigation strategies available to defenders of cyber-physical systems.
Cyber Resilience
Internet of Things

Nexus Podcast: Team82 on Attacking the Insecure IoT Cloud
nexus_steven-adair.jpg
Cyber Resilience
Vulnerability Management
Risk Management

Nexus Podcast: Volexity’s Steven Adair on the Nearest Neighbor Attack