Internet security firm Kaspersky has announced the development of a new threat intelligence service for industrial organizations — the ICS Vulnerabilities Database.
The new offering was announced during the recently concluded Kaspersky Industrial Cybersecurity Conference held in the seaside Russian city of Sochi.
The new service will offer customers access to a constantly updated database containing information on vulnerabilities in industrial control systems (ICS) and industrial IoT (IIoT) products, along with rules and algorithms to detect possible attacks that could exploit them.
With this service, asset owners will be able to perform vulnerability assessments and patch management, as well as ensure they are protected from possible targeted attacks.
As in any computing system, vulnerabilities in industrial components are inevitable. Each year, the Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICS CERT) finds no fewer than 60 new vulnerabilities in IIoT components and industrial control systems, potentially affecting hundreds and thousands of ICS or IIoT products.
Their exploitation can lead to system failure or give malware access to the product’s management and critical manufacturing data. For customers, it is important to be aware of these vulnerabilities, understand how critical they are and what can be done to patch or mitigate them, Kaspersky said.
In addition to being aware that a vulnerability exists in a product they use on their ICS network, Kaspersky said industrial organizations need to have the ability to detect a vulnerability exploitation attempt, thus preventing possible attack scenarios which might occur as a result.
The difficulty is that intrusion detection systems commonly have attack detection signatures and rules focusing primarily on IT asset protection. This means that many network attack vectors that could specifically target vulnerable ICS components might still stay undetected, the company noted.
The Kaspersky ICS Vulnerabilities Database will include continually updated information about the most critical vulnerabilities contained in widely used ICS products from a variety of vendors. Each record will contain detailed technical information for industrial organizations to check whether their assets are vulnerable.
Users can then prioritize and plan vulnerable system updates or other actions to mitigate the risks of possible exploitation by a malicious actor. The information will be delivered in both human-readable and machine-readable formats via REST API, so customers can both integrate it into their existing cybersecurity tools and manually decide on the remediation actions needed.
The second component of the Kaspersky service, the Network Attacks Signatures Database, provides signatures of ICS threats. It can be integrated with third-party intrusion detection systems to help customers minimize the risk of cybersecurity incidents in their industrial infrastructure.
“This new service aims to help customers enhance their vulnerability management and incident detection with Kaspersky expertise. Penetration testing and periodic vulnerability assessments of an industrial enterprise might give a good picture of its current cybersecurity state to motivate operation technology (OT) or security teams to make improvements. Continuously assessing vulnerability is one of the most important aspects of planning remediation to reduce the possible attack surface. But currently, it could only be implemented in a passive way due to the very nature of the relevant environments. Unfortunately, existing publicly available ICS or IIoT vulnerability information sources lack much of the required information, consistency and clarity to be useful for effective continuous vulnerability assessments. I believe that the ready-to-use intelligence and guidance that the ICS Vulnerabilities Database provides will solve this problem,” said Georgy Shebuldaev, head of Kaspersky Industrial Cybersecurity Business Development at Kaspersky.
The ICS Vulnerabilities Database will go on sale in December 2019. Organizations that are interested in more information and testing the service can contact the Kaspersky team via firstname.lastname@example.org.