Thursday, May 26, 2011

ICS-CERT Updates Report on ICS Vulnerabilities

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an updated version of their Common Cybersecurity Vulnerabilities in Industrial Control Systems report. First published in 2009, this report surveys the wide range of current vulnerabilities that ICS-CERT has seen across a variety of sources uniquely available to that organization.

While some individual vulnerabilities are discussed for illustrative purposes, this report is more of an overview of the state of ICS cyber security. The report looks at three broad areas of common ICS vulnerabilities:

• Software/Product Security Weaknesses
• Configuration Weaknesses
• Network Security Weaknesses

These vulnerabilities exist in both vendor products and facility implementation. The ICS-CERT report provides corrective recommendations for vendors and owner/operators; nothing really new here, just solid justifications for well-known cyber security procedures and mitigation measures. The owner/operator recommendations include:

• Restrict ICS User Privileges to only those Required
• Change All Default Passwords and Require Strong Passwords
• Test and Apply Patches
• Protect Critical Functions with Network Security Zones and Layers
• Customize IDS Rules for the ICS and Closely Monitor Logs
• Force Security through External Software Security Assessments

This report comes at a time of increasing public and political scrutiny of ICS security issues. Hopefully, Congress and potential regulators at DHS will take a close look at this document during their deliberations.
