ICS-CERT Examines 3 Years of Data to Reveal Common Vulnerabilities for Critical Asset Owners

Lack of formal documentation, event monitoring, and permissions and privileges control, remain common among industrial control system environments, according to the Department of Homeland Security.

The assessments identified security gaps in the enterprise and control system networks of more than 230 critical asset owners, the Industrial Control Systems-Computer Emergency Response Team (ICS-CERT) said in the latest issue of ICS-CERT Monitor. The assessments were designed to strengthen the overall security posture of the country’s critical infrastructure.

Lack of formal documentation for processes and policies within the organization was a common security gap across industrial control system operators, owners, and manufacturers, ICS-CERT said. Poor system access controls meant organizations were not properly controlling who had permission to access the network and its various resources. Privilege management and access controls are especially important in these kinds of sensitive networks.

“ICS-CERT encourages asset owners to review their network for these common security gaps and take measures to eliminate known system vulnerabilities,” ICS-CERT wrote.

Another common gap was in event monitoring, as organizations were falling behind on audits and accountability. This included issues such as not having security audits or assessments at all, and poor or nonexistent logging practices. For some organizations, the network architecture was not well understood, or administrators were not consistently enforcing remote login policies or controlling incoming and outgoing removable media.

ICS-CERT used the newly launched CyberSecurity Evaluation Tool (CSET) and compared each organization’s security practices against accepted industry standards.

Other common security weaknesses included improper authentication controls and credential management. In many cases, the network was poorly designed, with no defined security perimeter or improperly configured firewalls. Network devices were not properly configured, and in some cases there was little or no monitoring by intrusion detection systems. Along with improperly deployed network devices, the assessments uncovered configuration issues, such as weak testing environments, weak backup and restore capabilities, and poor or limited patch management.

The three-year onsite assessment reviewed existing customer systems to discover possible vulnerabilities and to develop strategies for effective defense-in-depth processes. Organizations also learned about national cybersecurity standards, industry-based recommendations, and best practices as part of the assessment.

“The assessments also assisted these organizations in identifying and prioritizing their most critical vulnerabilities requiring immediate attention and provided real-time resolutions and recommendations for enhancing their security awareness and defensive posture,” ICS-CERT said.