Explore the critical aspects of Industrial Control Systems (ICS) vulnerabilities in this 24-minute conference talk from the DISC-SANS ICS Virtual Conference. Delve into the 2019 vulnerability year in review report with Katherine Vajda, Dragos Senior Intelligence and Vulnerability Analyst. Gain insights on processes and drivers for prioritizing and understanding vulnerability risks within ICS environments. Learn how to maximize return on investment for mitigation efforts. Examine key findings, the Purdue Model, and Dragos' approach to vulnerability assessment. Understand the importance of answering crucial questions about vulnerabilities, prioritization techniques, and the Dragos Threat Score. Analyze specific examples involving Rockwell Automation and General Electric products. Explore patching, mitigation strategies, risk-based approaches, and monitoring techniques. Conclude with valuable recommendations for vendors and ICS-CERT to enhance overall ICS cybersecurity.