While some individual vulnerabilities are discussed for illustrative purposes, this report is more of an overview of the state of ICS cyber security. The report looks at three broad areas of common ICS vulnerabilities:
• Software/ Product Security WeaknessesThese vulnerabilities exist in both vendor products and facility implementation. The ICS-CERT report provides corrective recommendations for vendors and owner/operators; nothing really new here, just solid justifications for well known cyber security procedures and mitigation measures. The owner/operator recommendations include:
• Configuration Weaknesses
• Network Security Weaknesses
• Restrict ICS User Privileges to only those RequiredThis report comes at a time of increasing public and political scrutiny of ICS security issues. Hopefully, Congress and potential regulators at DHS will take a close look at this document during their deliberations.
• Change All Default Passwords and Require Strong Passwords
• Test and Apply Patches
• Protect Critical Functions with Network Security Zones and Layers
• Customize IDS Rules for the ICS and Closely Monitor Logs
• Force Security through External Software Security Assessments
Posts
No comments:
Post a Comment