Week Two
Hello! Welcome to this week's Ryan Report. Today, I will provide an overview of DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and discuss a recent ICS vulnerability disclosure.
The fundamental purpose of a CERT is security incident response. At the organizational level, this is usually an interdisciplinary group made up of individuals from departments such as IT, cybersecurity, compliance, and legal. The CERT operates in accordance with the organization's incident response procedure.
The DHS ICS-CERT is a division of the National Cybersecurity and Communications Integration Center (NCCIC) that collaborates with international and private sector organizations to share control systems-related incidents and mitigation measures. In addition to industrial control systems, ICS-CERT also disseminates information about medical devices and non-traditional operational technology such as building automation systems. These alerts and advisories are quite helpful in that they provide information such as the CVSS (risk) score, risk evaluation, technical details and mitigations.
A recent ICS-CERT advisory affecting healthcare comes from August 23, 2018. A vulnerability in BD wireless infusion pumps could allow a remote attacker to gain unauthorized access to the pump and affect the intended operation. A researcher from CyberMDX discovered the vulnerability and reported it to BD.
BD published a response and mitigations for this vulnerability that include network segmentation, and instructed affected organizations to utilize connections via BD's proprietary docking station. NCCIC echoed the network segmentation recommendation and added that control system devices should not be accessible from the Internet and that secure methods such as VPNs should be used for remote access.
I find these reports to be quite useful and routinely review them as part of my organization's vulnerability management program.