Saturday, July 15, 2017

ICS CERT Releases 2016 Assessment Summary Report


ICS-CERT conducted 130 assessments in the fiscal year 2016, which is more than in any previous year. Monitor newsletters published by ICS-CERT this year show that it has already conducted 74 assessments in the first half of 2017.
...
Similar to the previous two years, inadequate boundary protection remained the most common flaw – 94 discoveries representing more than 13 percent of all weaknesses identified during assessments. Boundary protection issues can result in failure to detect unauthorized activity in critical systems, and an increased risk to control systems due to the lack of proper separation from the enterprise network.
This may sound like a simple to avoid issue, but business demands and security demands often conflict and if you aren't very careful it's easy to breach your boundaries without realizing it.  (Or whoever is in charge just doesn't care, or the system was installed before control system security became a big deal and people don't want to mess with what's working. )
Post a Comment

OSCP Update

I missed a couple Sundays because I was out of town and had something else going on.  I don't remember what it was but it was important ...