Join CTA and Dragos as we discuss public ICS/OT exploits for vulnerability prioritization with Jacob Baines, Principal Industrial Control Vulnerability Analyst @Dragos, and Neil Jenkins, Chief Analytic Officer @Cyber Threat Alliance.
Dragos tracks thousands of CVE that affect industrial control systems and operational technology networks. Of these CVE, more than 400 have publicly available exploits. The exploits affect all levels of the Purdue model and significantly lower the barrier of entry to exploit and move around industrial networks. However, not all exploits are created equal. Some are entirely worthless, while others pose significant risks. Understanding where these exploits come from, their impact on industrial network, and which actually matter can significantly aid in vulnerability prioritization.