Insufficient/Missing Vulnerability Management
Description
Insufficient or missing vulnerability management practices in an OT environment can leave systems exposed to known security vulnerabilities. When systems are not properly patched and scanned for vulnerabilities, attackers can exploit these known weaknesses to gain unauthorized access and disrupt critical operations.
Public Incidents
- Colonial Pipeline ransomware attack
- NotPetya
- TRISIS
Recommended Mitigation
- Establish a vulnerability management program that includes regular vulnerability scanning, patch management, and remediation processes.
- Prioritize critical security updates and patches for OT systems to address high-risk vulnerabilities.
- Implement network segmentation and access controls to limit the impact of security vulnerabilities.