The common vulnerability scoring system (CVSS) provides a way for organisations to assess the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The CVSS has proven to be useful to consistently assess vulnerabilities and to standardise security policies. However, it has also showed some shortcomings in addressing the needs of users outside of traditional IT environments. In this article Jonathan Wilkins, director at industrial parts supplier EU Automation, explains.
When fully protected, technological devices, both on and offline, can optimise a number of processes on the factory floor. By connecting devices to the Industrial Internet of Things (IIoT), manufacturers can collect data for a variety of purposes, such as monitoring production in real-time, detecting bottlenecks, optimising energy consumption and facilitating predictive maintenance.
However, the growing number of devices connected to the IIoT also means that hackers have more opportunities to infiltrate a company, access sensitive data and disrupt production. According to NETSCOUT’s Threat Intelligence Report, the average time required to attack and IIoT device is just five minutes. SonicWall reports that IoT malware attacks jumped increased by 215.7 per cent in 2018, and the rate of cyberattacks is expected to keep increasing.
Take a programmable logic controller (PLC) as an example. It is an automated decision-making tool that monitors the state of connected devices and makes decisions to streamline processes. As technology has advanced, PLCs have become equipped with remote access capabilities for ease of maintenance and increased flexibility when controlling other devices.
To remotely monitor and control processes, PLCs must be connected to the internet. However, this exposes the technology to cyber-attacks, which could lead to extremely serious consequences, such as the Siberian gas pipeline explosion in 1982. The CVSS allows manufacturers to categorise their PLC’s potential vulnerabilities and ensure that the most dangerous are patched before

View Entire Article on