ICS-CERT conducted 130 assessments in the fiscal year 2016, which is more than in any previous year. Monitor newsletters published by ICS-CERT this year show that it has already conducted 74 assessments in the first half of 2017.
...
Similar to the previous two years, inadequate boundary protection
remained the most common flaw – 94 discoveries representing more than 13
percent of all weaknesses identified during assessments. Boundary
protection issues can result in failure to detect unauthorized activity
in critical systems, and an increased risk to control systems due to the
lack of proper separation from the enterprise network.
This may sound like a simple to avoid issue, but business demands and security demands often conflict and if you aren't very careful it's easy to breach your boundaries without realizing it. (Or whoever is in charge just doesn't care, or the system was installed before control system security became a big deal and people don't want to mess with what's working. )
No comments:
Post a Comment