In its fiscal year 2016 assessment report, ICS-CERT listed the most prevalent critical infrastructure vulnerabilities and potential risk that may result from exploitation of these weaknesses.
1. Boundary protection: Weaker boundaries between industrial control systems and enterprise networks makes it difficult to detect unauthorized activity in critical systems.
2. Least functionality: It is important for organizations to minimize and close unused services, ports, protocols, applications and functions that increases vectors for malicious party to gain access to critical systems. As unauthorized personnel could plug rogue devices into open ports or unplug an authorized device and connect to gain access to the network.
3. Identification and authentication: Improper identification and authentication result to lack of accountability for individual user actions. Weak identification and authentication also makes it more difficult to secure accounts when …show more content…
Physical access control, audit review: Unauthorized access to sensitive facilities could occur without challenge, during which time a malicious party may directly connect to the supervisory control and data acquisition (SCADA) system and potentially set up a more permanent and remote connection for ongoing unauthorized access at a later time. Physical access to organizational facilities is a security vulnerability if not control as unauthorized personnel may access critical or sensitive areas.
5. Audit review, analysis and reporting: Without formalized review and validation of logs, unauthorized users, applications, or other unauthorized events may be present in the system and operate in the industrial control systems network without detection.
6. Authenticator management: Passwords verify the authenticity of a user, and if compromised, the system assumes the user is an authorized party. Passwords can be easily compromised using techniques such as brute force (password guessing) or pass the hash
1. Boundary protection: Weaker boundaries between industrial control systems and enterprise networks makes it difficult to detect unauthorized activity in critical systems.
2. Least functionality: It is important for organizations to minimize and close unused services, ports, protocols, applications and functions that increases vectors for malicious party to gain access to critical systems. As unauthorized personnel could plug rogue devices into open ports or unplug an authorized device and connect to gain access to the network.
3. Identification and authentication: Improper identification and authentication result to lack of accountability for individual user actions. Weak identification and authentication also makes it more difficult to secure accounts when …show more content…
Physical access control, audit review: Unauthorized access to sensitive facilities could occur without challenge, during which time a malicious party may directly connect to the supervisory control and data acquisition (SCADA) system and potentially set up a more permanent and remote connection for ongoing unauthorized access at a later time. Physical access to organizational facilities is a security vulnerability if not control as unauthorized personnel may access critical or sensitive areas.
5. Audit review, analysis and reporting: Without formalized review and validation of logs, unauthorized users, applications, or other unauthorized events may be present in the system and operate in the industrial control systems network without detection.
6. Authenticator management: Passwords verify the authenticity of a user, and if compromised, the system assumes the user is an authorized party. Passwords can be easily compromised using techniques such as brute force (password guessing) or pass the hash