Industrial Control System Vulnerability and Threat

Industrial Control System Vulnerability and Threat

ICS Vulnerability

Referring to some industrial standards related to ICS security, such as NIST SP 800-82, AP STD 1164, ISA 99 and some other standards , the ICS vulnerability can be summarized into three segmentation, there are:

Policy and Procedure

Some example of the vulnerabilities that reside on this category such as lack of removable media policy, access control procedure, backup and restore procedure, BCP/DRP manual, etc.

Platform Vulnerabilities

Some example of the vulnerabilities that reside on this category such as Windows OS vulnerability, application vulnerabilities, server hardware limitation, system redundancy, account and password, etc.

Network Vulnerabilities

Some example of the vulnerabilities that reside on this category such as network configuration, firewall rules, Access Control List, default password usage, remote authentication not securely managed, etc.
 

ICS Threat

We can divide the sources of the ICS security threats into two categories, internal and external.

Internal Threat

Some of the example of the threats sourced from this category such as (ex)employee, vendor, out-of-control admin activities, insecure access control, bypassing the procedure, etc.

External Threat

Some of the example of the threats sourced from this category such as hacker, remote access, nation state hacker, cyber crime, virus and malware, etc.
 

0 Comments

Leave Reply

Your email address will not be published. Required fields are marked *