Alternate Title: National Cybersecurity and Communications Integration Center/ Industrial Control Systems Cyber Emergency Response Team Fiscal Year 2015 Annual Vulnerability Coordination Report
"This report provides a summary of the Department of Homeland Security's (DHS) National Cybersecurity and Communications Integration Center (NCCIC)/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) vulnerability coordination activities for FY 2015. The goal of ICS-CERT is to reduce industrial control systems (ICS) risks within and across all critical infrastructure sectors by coordinating efforts among Federal, state, local, and tribal governments, as well as industrial control systems owners, operators, and vendors. ICS-CERT coordinates activities to reduce the likelihood of success and the severity of the impact of cyber-attacks against critical infrastructure control systems. This report provides trend analysis for all vulnerabilities reported to ICS-CERT in FY 2015. Most notably, researchers found that 52 percent came from improper input validation and permissions, privileges, and access controls. While this high percentage may indicate a pressing cybersecurity gap, it is also possible that it merely reflects the type of vulnerabilities targeted by researchers reporting to ICS-CERT. The majority of reported vulnerabilities for FY 2015 came from the Energy, Critical Manufacturing, and Water and Wastewater Sectors."
Industrial Control Systems Cyber Emergency Response Team: https://ics-cert.us-cert.gov/