Security News > 2023 > February > XIoT vendors get serious about security, devote resources to protect cyber-physical systems

XIoT vendors get serious about security, devote resources to protect cyber-physical systems
2023-02-17 04:00

Cyber-physical system vulnerabilities disclosed in the second half of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time period, according to Claroty.

These findings indicate that security researchers are having a positive impact on strengthening the security of the Extended Internet of Things, a vast network of cyber-physical systems across industrial, healthcare, and commercial environments, and that XIoT vendors are dedicating more resources to examining the security and safety of their products than ever before.

Report is a deep examination and analysis of vulnerabilities impacting the XIoT, including operational technology and industrial control systems, Internet of Medical Things, building management systems, and enterprise IoT. "Cyber-physical systems power our way of life. The water we drink, the energy that heats our homes, the medical care we receive - all of these rely on computer code and have a direct link to real-world outcomes," said Amir Preminger, VP research at Claroty.

"The purpose of Team82's research and compiling this report is to give decision makers in these critical sectors the information they need to properly assess, prioritize, and address risks to their connected environments, so it is very heartening that we are beginning to see the fruits of vendors' and researchers' labor in the steadily growing number of disclosures sourced by internal teams. This shows that vendors are embracing the need to secure cyber-physical systems by dedicating time, people, and money to not only patching software and firmware vulnerabilities, but also to product security teams overall," Preminger continued.

Severity: 71% of vulnerabilities were assessed a CVSS v3 score of "Critical" or "High", reflecting security researchers' tendency to focus on identifying vulnerabilities with the greatest potential impact in order to maximize harm reduction.

Attack vector: 63% of vulnerabilities are remotely exploitable over the network, meaning a threat actor does not require local, adjacent, or physical access to the affected device in order to exploit the vulnerability.


News URL

https://www.helpnetsecurity.com/2023/02/17/xiot-protect-cyber-physical-systems/