Citation

Department of Homeland Security, Control Systems Security Program, National Cyber Security Division, Common Cybersecurity Vulnerabilities in Industrial Control Systems (May 2011) (full-text).

Overview


This report compiled common vulnerabilities identified during numerous security assessments of new ICS products and production ICS installations from 2004 through 2010.

This report is organized in three sections. First, the different sources of ICS vulnerability information are summarized. Then the common ICS vulnerabilities are presented according to categories that describe a general problem observed in multiple ICS security assessments.

The common vulnerabilities are grouped into three general categories:

1. Vulnerabilities inherent in the ICS product.
2. Vulnerabilities caused during the installation, configuration, and maintenance of the ICS.
3. The lack of adequate protection because of poor network design or configuration.

Nonattributable ICS vulnerabilities are listed with the common vulnerability descriptions to aid in understanding the issues. General recommendations based on empirical knowledge gained through performing ICS security assessments are then grouped by software development recommendations for ICS vendors, ICS network configuration, and maintenance recommendations for ICS owners.
