Study reveals major vulnerabilities in operational technology

A recent study by Claroty, a vendor focusing on cyber-physical systems (CPS) protection, has unveiled significant security vulnerabilities in operational technology (OT) assets. The research indicates that 13 percent of these critical assets possess insecure internet connections, and 36 percent of them harbour at least one Known Exploited Vulnerability (KEV). These factors combine to make these assets susceptible to entry points for cyber attackers, potentially enabling substantial disruption to operations.

Claroty's comprehensive analysis of over 125,000 OT assets, conducted by its award-winning research group, Team82, revealed that 3.7 percent of all OT assets are vulnerable due to insecure internet connections. This includes systems communicating over the Internet in a manner that attackers can exploit through IP address scanning and remote access attempts.

Moreover, the study highlights that 13 percent of engineering workstations (EWS) and human-machine interfaces (HMIs) are connected to insecure networks. Due to their connectivity, these systems are crucial for monitoring, controlling, and updating production systems and can provide attackers with a gateway to industrial control systems and enterprise IT networks.

Alarmingly, 36 percent of these vulnerable EWS and HMIs feature at least one KEV. Their critical role, exposure to the Internet, and known vulnerabilities make them prime targets for threat actors intent on causing operational disruptions.

Amir Preminger, vice president of research for Team82, commented, "Our research underscores the notion that increased remote access correlates with a broader attack surface and a higher risk of disruptions to critical infrastructure. This can ultimately affect public safety and the availability of essential services. With remote access now the standard for mission-critical OT assets, organisations must ensure they provide access on a strictly needed basis."

To address these emerging risks, Claroty has introduced an upgraded version of its secure access solution called Claroty xDome Secure Access. This tool is designed to balance seamless operational access with stringent security controls, thus enhancing productivity while mitigating risks and ensuring compliance for both internal and external users.

The xDome Secure Access solution incorporates fundamental security principles, including Identity Governance and Administration (IGA), Privileged Access Management (PAM), and Zero Trust Network Access (ZTNA). This combination sets new benchmarks for resilience and operational efficiency within CPS environments by offering a cohesive approach to managing CPS interactions while maintaining rigorous security; Claroty's chief product officer, Grant Geyer er, emphasised the importance of secure and efficient access: "Frictionless access to industrial CPS assets is crucial for maximising business outcomes, yet many OT assets were historically insecure by design. Claroty xDome Secure Access facilitates productive access with integrated security that remains essentially transparent to the operator, which is vital for protecting critical infrastructure."