Lack of formal documentation, event monitoring, and permissions and privileges control, remain common among industrial control system environments, according to the Department of Homeland Security. The assessment identified security gaps in the enterprise and control system networks for over 230 critical asset owners, the Industrial Control Systems-Computer Emergency Response Team (ICS-CERT) said in its latest issues of ICS-CERT Monitor.<\/p>\n","protected":false},"excerpt":{"rendered":"
“ICS-CERT encourages asset owners to review their network for these common security gaps and take measures to eliminate known system vulnerabilities,” ICS-CERT wrote.<\/p>\n
For some organizations, the network architecture was not well understood, or the administrators were not consistently enforcing remote login policies or controlling incoming and outgoing media.<\/p>\n
<\/p>\n
Along with improperly deployed network devices, the assessment uncovered configuration issues, such as weak testing environments, weak backup and restore capabilities, and poor or limited patch management.<\/p>\n
<\/p>\n
“The assessments also assisted these organizations in identifying and prioritizing their most critical vulnerabilities requiring immediate attention and provided real-time resolutions and recommendations for enhancing their security awareness and defensive posture,” ICS-CERT said.<\/p>\n
<\/p>\n