This article by Eric Byres, Derek Kruszewski, and Talha Siddiqui explains why finding vulnerabilities in industrial control systems (ICS) is far more difficult than many organizations realize*. Relying on the National Vulnerability Database (NVD) is mostly ineffective because:
-
More than 75 percent of ICS vulnerabilities are missing.
-
The NVD rarely maps component vulnerabilities back to the products containing those components.
-
The vendor name on the product in your facility is often different from the vendor name in the NVD details or CPE listing.
Learn how Artificial intelligence (AI), including Machine Learning (ML) and natural language processing, offer a better alternative to manual vulnerability research and management.
* Originally appeared in the April Automation.com ebook, an ISA.org publication.