In-Depth Analysis of ICS Vulnerability with MITRE ATT&CK

2021’s increase in discovered vulnerabilities and ICS-CERT advisories is directly tied to the amount of work security specialists will have to do in order to maintain work site cybersecurity. Although SBOMs are being put forth as a possible new standard to address vulnerabilities in work sites, our current means of documenting CVEs may not yet be comprehensive enough to fully support this. It may currently be difficult to make totally sure that every vulnerability is tracked and addressed. U.S. President Biden’s Executive Order suggested many potential solutions to address the urgent need for improvements in cybersecurity.
One such solution is the “Zero Trust Architecture”. TXOne Networks has found an adapted form of the zero trust architecture that we call “OT zero trust” to offer unique improvements in cybersecurity to both supply chains and ICS environments.

This methodology originates in IT zero trust, which is based on a disagreement with an idea that has traditionally been a foundation of cybersecurity: that some networks are ‘trustworthy’ and others are ‘untrustworthy’. A core principle of IT zero trust is that we “never trust, [and] always verify” – this idea was created based on the IT perspective that a network is designed for human operators or “users.”