SecurityWeek

ICS-CERT Examines 3 Years of Data to Reveal Common Vulnerabilities for Critical Asset Owners

Lack of formal documentation, event monitoring, and control of permissions and privileges remain common gaps in industrial control system environments, according to the Department of Homeland Security.

The assessments identified security gaps in the enterprise and control system networks of more than 230 critical asset owners, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said in the latest issue of its ICS-CERT Monitor newsletter. The assessments were designed to strengthen the overall security posture of the country's critical infrastructure.

Lack of formal documentation for processes and policies was a common gap across industrial control system owners, operators, and manufacturers, ICS-CERT said. Weak system access controls meant organizations were not properly controlling who held permissions to reach the network and its resources. Privilege management and access control are especially important in networks this sensitive.

“ICS-CERT encourages asset owners to review their network for these common security gaps and take measures to eliminate known system vulnerabilities,” ICS-CERT wrote.

Another common gap was event monitoring, with organizations falling behind on audit and accountability. This included having no security audits or assessments at all, and poor or nonexistent logging practices. At some organizations the network architecture was not well understood, or administrators were not consistently enforcing remote login policies or controlling media entering and leaving the facility.

ICS-CERT used its newly launched Cyber Security Evaluation Tool (CSET) to compare each organization's security practices against accepted industry standards.

Other common weaknesses included improper authentication controls and poor credential management. In many cases the network was poorly designed, with no defined security perimeter or improperly configured firewalls. Network devices were misconfigured, and in some cases little or no intrusion detection monitoring was taking place. Alongside improperly deployed network devices, the assessments uncovered configuration issues such as inadequate test environments, weak backup and restore capabilities, and poor or limited patch management.
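As an added illustration (not code from ICS-CERT, CSET, or any assessed organization), the following Python script checks a firewall ruleset for several of the gaps named in this article and the event-monitoring findings above: an undefined security perimeter (an any-to-any allow, or no closing default deny), enterprise hosts talking straight into the control network instead of through a DMZ, remote access into the control zone from any source, and control-zone traffic that is never logged. The zone layout, the rule format, and the weak and hardened sample rulesets are assumptions constructed for the example.

```python
# Added example, not code from ICS-CERT, CSET or any assessed organization.
# A small audit that flags firewall-perimeter and logging gaps of the kind
# the assessments found. Zone layout, rule format and rulesets are assumed.
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    """One firewall rule. src/dst are CIDRs or "any"; dport is a port or "any"."""
    action: str          # "allow" or "deny"
    src: str
    dst: str
    dport: str
    log: bool = False    # whether matches are written to the audit log


# Assumed zone layout (constructed for the example): enterprise LAN, a DMZ
# for jump hosts and historians, and the control network.
ZONES = {
    "enterprise": ip_network("10.0.0.0/16"),
    "dmz": ip_network("10.1.0.0/24"),
    "control": ip_network("192.168.10.0/24"),
}


def zone_of(cidr: str) -> str:
    """Map a CIDR to the zone containing it; "any" passes through, else "unknown"."""
    if cidr == "any":
        return "any"
    net = ip_network(cidr)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return "unknown"


def audit(rules: list[Rule]) -> list[str]:
    """Return human-readable findings; an empty list means no gap was detected."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        src, dst = zone_of(r.src), zone_of(r.dst)
        if src == "any" and dst == "any" and r.dport == "any":
            findings.append(f"rule {i}: allow any-to-any on any port; no security perimeter is defined")
        if src == "enterprise" and dst == "control":
            findings.append(f"rule {i}: enterprise -> control traffic bypasses the DMZ")
        if src == "any" and dst == "control":
            findings.append(f"rule {i}: control zone reachable from any source (remote login policy not enforced)")
        if dst == "control" and not r.log:
            findings.append(f"rule {i}: traffic into the control zone is not logged")
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.src == "any" and last.dst == "any"):
        findings.append("ruleset does not end with a default-deny rule")
    return findings


# Constructed weak ruleset: flat network, unlogged RDP from anywhere, no default deny.
WEAK = [
    Rule("allow", "10.0.0.0/16", "192.168.10.0/24", "any"),
    Rule("allow", "any", "192.168.10.5/32", "3389"),
    Rule("allow", "any", "any", "any"),
]

# Constructed hardened ruleset: enterprise reaches only a DMZ jump host, only
# that host reaches the control zone on one protocol port, everything into
# control is logged, and the ruleset closes with a logged default deny.
HARDENED = [
    Rule("allow", "10.0.0.0/16", "10.1.0.10/32", "443", log=True),
    Rule("allow", "10.1.0.10/32", "192.168.10.0/24", "502", log=True),
    Rule("deny", "any", "any", "any", log=True),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{name}: {audit(rules) or ['no findings']}")
```

Run as a script, the weak ruleset produces six findings and the hardened one none. The checks are deliberately structural (zone-to-zone reachability, logging, terminal default deny) because those are the properties an assessor reads off a ruleset before any packet is inspected; port-level policy for a real site would follow the protocols the control network actually uses.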

The three-year onsite assessment program reviewed existing systems at the assessed organizations to discover possible vulnerabilities and helped those organizations develop strategies for effective defense in depth. Participants also learned about national cybersecurity standards, industry recommendations, and best practices as part of the assessment.

“The assessments also assisted these organizations in identifying and prioritizing their most critical vulnerabilities requiring immediate attention and provided real-time resolutions and recommendations for enhancing their security awareness and defensive posture,” ICS-CERT said.
