Inadequate Boundary Protections Common in Critical Infrastructure: ICS-CERT

The assessments conducted by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in 2016 showed that inadequate boundary protection has remained the most prevalent weakness in critical infrastructure organizations.

ICS-CERT conducted 130 assessments in fiscal year 2016, more than in any previous year. The Monitor newsletters published by ICS-CERT this year show that it has already conducted 74 assessments in the first half of 2017.

Assessments are offered to both government organizations and private sector companies whose owners and operators request them. Last year, the CERT conducted assessments in 12 of the 16 critical infrastructure sectors, including chemical, commercial facilities, communications, critical manufacturing, emergency services, dams, energy, food and agriculture, IT, government facilities, transportation, and water and wastewater systems.

As in the previous two years, inadequate boundary protection remained the most common flaw, with 94 discoveries representing more than 13 percent of all weaknesses identified during assessments. Boundary protection issues can result in a failure to detect unauthorized activity in critical systems, and in an increased risk to control systems due to the lack of proper separation from the enterprise network.

The second most prevalent type of vulnerability, with 42 discoveries, is “least functionality.” This refers to organizations failing to implement controls to ensure that unnecessary services, ports, protocols or applications that can be exploited to gain access to ICS are disabled.

ICS-CERT also discovered 36 instances of identification and authentication flaws. Many organizations fail to implement proper identification and authentication mechanisms for their users – this leads to accountability problems and makes it more difficult to secure the accounts of individuals who have left the company.

The fourth most prevalent issue discovered during assessments is related to physical access controls; weaknesses in this area can make it easier for malicious actors to gain an initial foothold in the targeted organization’s ICS network.

Another common problem identified by investigators was related to mechanisms for auditing and accountability. According to ICS-CERT, 26 organizations did not have a formal process in place for reviewing and validating logs, which makes it more difficult to detect an intrusion in the ICS network and respond to an incident.

ICS-CERT’s FY 2016 Annual Assessment Report also includes recommendations on how to address these issues.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
