Why have our best efforts to secure industrial facilities fallen short? The answer is that we have taken an IT-centric versus a production-centric approach to ICS cybersecurity. This has left the systems responsible for safety and production vulnerable to malicious attacks or unintended incidents.
This paper examines how an over-reliance on IT-centric perimeter defenses, combined with an inability to see vulnerabilities lurking deep within industrial control system (ICS) environments, has left our critical infrastructure vulnerable. It also discusses current ICS vulnerability management challenges, as well as how you can find and remediate vulnerabilities hidden today within ICS environments by taking a more production-centric approach to managing vulnerabilities on Level 2, 1, and 0 ICS assets.