2022 ICS/OT Cybersecurity Year In Review

Dragos’s annual ICS/OT Cybersecurity Year in Review covers industrial control systems (ICS) and operational technology (OT) vulnerabilities, threats targeting industrial environments, and industry trends from customer engagements worldwide.
Keep scrolling to explore our interactive view of the 2022 Year in Review. Be sure to download your free copy of the full report for exclusive data and insights on the state of ICS/OT cybersecurity to help you stay ahead of the threat landscape in 2023.

Timeline

TIMELINE OF ICS THREAT ACTIVITY IN 2022

In 2022, headlines around the world highlighted the motivation for targeting ICS/OT and the impact of disruption. The following cyber attacks and cybersecurity events attracted high-profile attention last year.
Date | Category | Event
01.22 | Ransomware | Ransomware-as-a-Service Impacts Multiple Industries
01.22 | Threat Group Update | KOSTOVITE Renewed Activity
02.22 | ICS Cybersecurity Advancement | Dragos Welcomes NSA & CISA as Trusted Advisors for Neighborhood Keeper
02.22 | ICS Cybersecurity Advancement | XENOTIME Renewed Activity
02.22 | Threat Group Update | KAMACITE Renewed Activity
02.22 | Ransomware | Conti Ransomware Group Threatens Critical Infrastructure
03.22 | Cyber Attack | CISA Advisory on State-Sponsored Adversaries Targeting the Energy Sector
03.22 | ICS Cybersecurity Achievement | Statement by President Biden on U.S. Cybersecurity
04.22 | Threat Group Update | ELECTRUM Renewed Activity
04.22 | Malware | ICS-Specific Malware PIPEDREAM
04.22 | Threat Group Update | CHERNOVITE New Threat Group
05.22 | Threat Group Update | ERYTHRITE Renewed Activity
05.22 | Ransomware | Foxconn Ransomware Attack
06.22 | ICS Cybersecurity Advancement | U.S. Department of Energy releases C2M2 2.1
07.22 | ICS Cybersecurity Advancement | DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators
07.22 | Vulnerability | Log4j Declared an Endemic Supply Chain Threat
08.22 | ICS Cybersecurity Advancement | U.S. Department of Energy Announces $45M Investment in Power Grid Cyber Resilience
10.22 | Threat Group Update | WASSONITE Renewed Activity
10.22 | ICS Cybersecurity Advancement | CISA Directs Federal Agencies to Improve Asset Visibility & Vulnerability Detection
10.22 | ICS Cybersecurity Advancement | DHS Announces New Cybersecurity Performance Goals for Critical Infrastructure
11.22 | Threat Group Update | BENTONITE New Threat Group
12.22 | Ransomware | Multiple Ransomware Attacks on Mining and Metal, Food and Beverage Companies

Vulnerabilities

2022 ICS/OT VULNERABILITIES

In 2022, Dragos Threat Intelligence assessed 2170 ICS/OT common vulnerabilities and exposures (CVE) reported by a variety of sources including independent researchers, vendors, Dragos, and ICS-CERT.
Advisories with incorrect data
2020: 43% | Change: -5% | 2021: 38% | Change: -4% | 2022: 34%
Which can prevent operators from accurately prioritizing patch management.

Advisories with no patch
2020: 22% | Change: +2% | 2021: 24% | Change: +6% | 2022: 30%
Presenting a challenge for operators that want to take action to resolve the published vulnerability.

Of advisories with no patch; % with no mitigation
2020: 64% | Change: -45% | 2021: 19% | Change: -3% | 2022: 16%
Which prevents an operator from taking any defensive action using information from the advisory.

Advisories that Dragos provided mitigation for
2020: 78% | Change: -9% | 2021: 69% | Change: -16% | 2022: 53%
Of the advisories that had no mitigations, Dragos provided mitigation advice for a majority, thereby enabling defenders to take action.

Individual CVEs that contained errors
2020: 33% | Change: -13.5% | 2021: 19.5% | Change: -4.5% | 2022: 15%
Which can mislead practitioners who use CVSS scores to triage for mitigation.

Dragos corrected: MORE severe than public advisory
2020: 73% | Change: -21% | 2021: 52% | Change: +18% | 2022: 70%
Of the advisories with errors, Dragos assessed a large proportion to be more severe than the public advisory indicated. This can cause issues with patching prioritization.

Dragos corrected: LESS severe than public advisory
2020: 26% | Change: +19% | 2021: 45% | Change: -16% | 2022: 29%
Of the advisories with errors, Dragos assessed a percentage to be less severe than the public advisory indicated. This can cause issues with patching prioritization.

Advisories applied to products bordering the enterprise
2020: 23% | Change: 0% | 2021: 23% | Change: -8% | 2022: 15%
Which can facilitate initial access by an adversary into an operations environment.

Vulnerabilities deep within ICS Network
2020: 77% | Change: 0% | 2021: 77% | Change: +6% | 2022: 83%
Which requires existing access to a control systems network to exploit.

Impact: Loss of View & Loss of Control
2020: 36% | Change: -1% | 2021: 35% | Change: +15% | 2022: 50%
Vulnerabilities that could cause both loss of view & loss of control, preventing operators from monitoring and modifying the system state.

Key Findings

2022 ICS/OT Environment Assessments

Dragos gathered first-hand insights to understand the state of ICS/OT cybersecurity, impacts for the community overall, and recommendations to improve strategies for all levels of ICS/OT cybersecurity maturity.
Extremely limited / no visibility into OT environment
2022: 80% | 2021: 86% | 2020: 90% | Change: -6%
80% of service engagements have a lack of visibility across OT networks, making detections, triage, and response incredibly difficult at scale.

Poor security perimeters
2022: 50% | 2021: 77% | 2020: 88% | Change: -27%
50% of service engagements included a finding of external connections from OEMs, IT networks, or the Internet to the OT network.

External Connections to the ICS Environment
2022: 53% | 2021: 70% | 2020: 33% | Change: -17%
53% of ICS Environments had external connections.

Lacked separate IT & OT user management
2022: 54% | 2021: 44% | 2020: 54% | Change: +10%
54% of service engagements included a finding of shared credentials in OT systems, the most common method of lateral movement and privilege escalation.