The vulnerability and risk landscape of OT is expanding rapidly with a 40% compound annual growth rate of CVEs from ICS-CERT. This is before the SBOM work that is now being encouraged which could scale the number of vulnerabilities by a factor of 2, 5, or 10. At the same time, software and hardware vulnerabilities are only one of many risks within OT – misconfigured devices, weak user and account management, insecure network architectures, etc., all pose other, potentially critical risks.
Where should organizations start? How can they make progress against the greatest risks given the limited resources available? How can they keep up with changes in these distributed environments when risk assessments often are only completed every year or perhaps longer.
Verve CEO, John Livingston, will share his and his company’s experiences over the past 15 years automating the complex tasks of OT risk identification, prioritization, remediation, and maintenance.