Analysis of Vulnerability Trends and Attacks in OT Systems

Abstract

For operational technology (OT) systems, security has been given an high priority in recent years after specific cyber-incidents targeting them. Earlier, these systems were focused mainly on reliability, and at present, security is also considered as an important factor to avoid production damage and financial losses. To improve the security in industrial systems, it is necessary to understand the flaws and provide countermeasures. In this paper, we focus on the cyber-incidents reported in Common Vulnerability Exposure (CVE) database on OT sub-systems like smart grids, Supervisory Control and Data Acquisition (SCADA) systems, embedded devices, and Programmable Logic Controllers (PLCs). We summarize the possible attacks on each of these sub-systems to gain broader insight of vulnerabilities present in them and use CVE database to enumerate trends.