Reports published in the past couple of months by various industrial cybersecurity companies provide different numbers when it comes to the vulnerabilities discovered in industrial control system (ICS) products in 2022. SecurityWeek has analyzed the methodologies used by these companies in an effort to understand the discrepancies in numbers and trends.
Some companies have reported seeing an increase in the number of ICS vulnerabilities, while others claim there has been a drop. However, looking at their methodologies helps clear up any confusion and shows that the contradictory trends result from the use of different sources and different methods of counting security holes.
SecurityWeek’s analysis of the various reports shows that the number of ICS vulnerabilities has continued to grow, which is not surprising considering that security researchers are increasingly interested in this field and vendors are also stepping up their game and finding more flaws. But let’s take a look at why some headlines might suggest differently.
Dragos, SynSaber and Claroty all reported seeing an increase in the number of ICS vulnerabilities, although their methodologies differ significantly. IBM reported a decrease in the number of ICS vulnerabilities, but its numbers represent advisories published by CISA, not individual flaws. Nozomi Networks also reported a decrease, but that drop is likely due to a change in its methodology.
Key Points:
- Reports from different industrial cybersecurity companies provide different numbers when it comes to the vulnerabilities discovered in industrial control system (ICS) products in 2022.
- These discrepancies can be explained by the use of different data sources and different methods of counting vulnerabilities.
- SecurityWeek’s analysis shows that the number of ICS vulnerabilities continues to grow, despite any conflicting headlines.