Industrial Control System Vulnerability and Threat
ICS Vulnerability
Referring to some industrial standards related to ICS security, such as NIST SP 800-82, AP STD 1164, ISA 99 and some other standards , the ICS vulnerability can be summarized into three segmentation, there are:
Policy and Procedure
Some example of the vulnerabilities that reside on this category such as lack of removable media policy, access control procedure, backup and restore procedure, BCP/DRP manual, etc.
Platform Vulnerabilities
Some example of the vulnerabilities that reside on this category such as Windows OS vulnerability, application vulnerabilities, server hardware limitation, system redundancy, account and password, etc.
Network Vulnerabilities
Some example of the vulnerabilities that reside on this category such as network configuration, firewall rules, Access Control List, default password usage, remote authentication not securely managed, etc.
ICS Threat
We can divide the sources of the ICS security threats into two categories, internal and external.
Internal Threat
Some of the example of the threats sourced from this category such as (ex)employee, vendor, out-of-control admin activities, insecure access control, bypassing the procedure, etc.
External Threat
Some of the example of the threats sourced from this category such as hacker, remote access, nation state hacker, cyber crime, virus and malware, etc.
0 Comments