{"id":9974,"date":"2020-02-01T01:52:02","date_gmt":"2020-02-01T01:52:02","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=9974"},"modified":"2026-04-17T18:07:50","modified_gmt":"2026-04-17T18:07:50","slug":"ics-information-security-assurance-framework-9","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/ics-information-security-assurance-framework-9\/","title":{"rendered":"ICS Information Security Assurance Framework 9"},"content":{"rendered":"


\n<\/p>\n

2.3 Vulnerabilities in ICS Assets<\/strong><\/h2>\n

Most ICS security mechanisms are short of authentication, encryption, and audits, and therefore such ICS assets are rather vulnerable. When connecting to the Internet, ICSs are susceptible to external probes or identification via special fields included in information returned through public or private communication protocols, web services, telnet, and FTP. In this way, ICS assets can be easily controlled by attackers. In addition, more and more ICS vulnerabilities are identified by researchers, leaving ICS assets exposed on the Internet rather vulnerable.<\/p>\n

2.3.1 More ICS Assets Exposed<\/strong><\/h3>\n

To minimize the chance of industrial control devices being hit by cyberattacks, ICSs should run in a physically isolated environment. However, this is not the case in the actual production environment. In July 2016, Kaspersky released a report indicating that 188,019 ICS hosts in 170 countries around the world were found connected to the Internet.<\/p>\n

The following figures show the exposure of global assets on the Internet detected by NSFOCUS Threat Intelligence (NTI) using multiple protocols. The figures below take Modbus and the Siemens S7 protocol as an example to show the exposure and distribution of industrial control devices around the world (statistics are not collected for a particular year).<\/p>\n

\"Red<\/a><\/p>\n

\"Red<\/a><\/p>\n

\"Red<\/a><\/p>\n

\"Red<\/a><\/p>\n

\"Red<\/a><\/p>\n

\"Red<\/a><\/p>\n

The following figure shows the number of industrial control devices using Modbus, S7, DNP3, ENIP, and IEC around the world in 2018.<\/p>\n

\"Red<\/a><\/p>\n

\"Red<\/a><\/p>\n

As more and more industrial control systems and devices worldwide are connected to the Internet, they will be exposed to more security risks. According to statistics from Kaspersky, in 2017 H1, 20.6% of threats against ICS computers were sourced from the Internet and this figure was increased to 27.3% in 2018 H1.<\/p>\n

\"Red<\/a><\/p>\n

It seems to attackers that these industrial control devices exposed on the Internet make it possible for them to infect industrial control networks. If certain industrial control devices contain unpatched vulnerabilities and certain vulnerabilities within ICS software and hardware are shared and made publicly available, vulnerabilities in these devices will become attackers’ most likely point of entry into the industrial control networks.<\/p>\n

In addition, we have worked out the distribution of industrial control device vendors serving different sectors, as shown in the following figures. As HMIs, DCSs, and PLCs need to run operating systems and software, vulnerabilities tend to occur in the three types of devices. Therefore, we mainly focus on these types of devices here.<\/p>\n

\"Red<\/a><\/p>\n

\"Red<\/a><\/p>\n

To be continued.<\/body><\/html><\/p>\n","protected":false},"excerpt":{"rendered":"

2.3 Vulnerabilities in ICS Assets Most ICS security mechanisms are short of authentication, encryption, and audits, and therefore such ICS assets are rather vulnerable. When connecting to the Internet, ICSs are susceptible to external probes or identification via special fields included in information returned through public or private communication protocols, web services, telnet, and FTP. […]<\/p>\n","protected":false},"author":1,"featured_media":9892,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[5,15],"tags":[452],"class_list":["post-9974","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ddos-mitigation","category-research-reports","tag-ics-information-security"],"acf":[],"yoast_head":"\nICS Information Security Assurance Framework 9 - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ICS Information Security Assurance Framework 9 - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"2.3 Vulnerabilities in ICS Assets Most ICS security mechanisms are short of authentication, encryption, and audits, and therefore such ICS assets are\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-01T01:52:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/01\/ICS-INformation.jpg\" \/>\n<meta name=\"author\" content=\"NSFOCUS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"ICS Information Security Assurance Framework 9 - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"2.3 Vulnerabilities in ICS Assets Most ICS security mechanisms are short of authentication, encryption, and audits, and therefore such ICS assets are\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/01\/ICS-INformation.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"NSFOCUS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/\"},\"author\":{\"name\":\"NSFOCUS\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"ICS Information Security Assurance Framework 9\",\"datePublished\":\"2020-02-01T01:52:02+00:00\",\"dateModified\":\"2026-04-17T18:07:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/\"},\"wordCount\":389,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/ICS-INformation.jpg\",\"keywords\":[\"ICS Information Security\"],\"articleSection\":[\"DDoS Mitigation\",\"Research & Reports\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/\",\"name\":\"ICS Information Security Assurance Framework 9 - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/ICS-INformation.jpg\",\"datePublished\":\"2020-02-01T01:52:02+00:00\",\"dateModified\":\"2026-04-17T18:07:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/ICS-INformation.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/ICS-INformation.jpg\",\"width\":689,\"height\":592,\"caption\":\"Green infographic on security assurance framework.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/ics-information-security-assurance-framework-9\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ICS Information Security Assurance Framework 9\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"NSFOCUS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"NSFOCUS\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ICS Information Security Assurance Framework 9 - NSFOCUS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/","og_locale":"pt_BR","og_type":"article","og_title":"ICS Information Security Assurance Framework 9 - NSFOCUS","og_description":"2.3 Vulnerabilities in ICS Assets Most ICS security mechanisms are short of authentication, encryption, and audits, and therefore such ICS assets are","og_url":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/","og_site_name":"NSFOCUS","article_published_time":"2020-02-01T01:52:02+00:00","article_modified_time":"2026-04-17T18:07:50+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/01\/ICS-INformation.jpg","type":"","width":"","height":""}],"author":"NSFOCUS","twitter_card":"summary_large_image","twitter_title":"ICS Information Security Assurance Framework 9 - NSFOCUS","twitter_description":"2.3 Vulnerabilities in ICS Assets Most ICS security mechanisms are short of authentication, encryption, and audits, and therefore such ICS assets are","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/01\/ICS-INformation.jpg","twitter_misc":{"Escrito por":"NSFOCUS","Est. tempo de leitura":"2 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/"},"author":{"name":"NSFOCUS","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"ICS Information Security Assurance Framework 9","datePublished":"2020-02-01T01:52:02+00:00","dateModified":"2026-04-17T18:07:50+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/"},"wordCount":389,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/01\/ICS-INformation.jpg","keywords":["ICS Information Security"],"articleSection":["DDoS Mitigation","Research & Reports"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/","url":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/","name":"ICS Information Security Assurance Framework 9 - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/01\/ICS-INformation.jpg","datePublished":"2020-02-01T01:52:02+00:00","dateModified":"2026-04-17T18:07:50+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/01\/ICS-INformation.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/01\/ICS-INformation.jpg","width":689,"height":592,"caption":"Green infographic on security assurance framework."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/ics-information-security-assurance-framework-9\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"ICS Information Security Assurance Framework 9"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/#website","url":"https:\/\/nsfocusglobal.com\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"NSFOCUS","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"NSFOCUS"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/9974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=9974"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/9974\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/9892"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=9974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=9974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=9974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}