ICS-CERT Annual Assessment Report: Industrial Control Systems Cyber Emergency Response Team [open pdf - 3MB]
From the Introduction: "Fiscal Year 2016 marks the third publishing year for the ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] Annual Assessment Report. As in previous years, the report provides our stakeholders with important information they can use to help secure their control systems and associated CI [critical infrastructure]. This includes descriptions of the most common vulnerabilities found by our assessment teams in FY 2016 and the cybersecurity actions we recommend ICS owners and operators take to improve their cybersecurity posture. Now more than ever, vital operational processes depend on secure and reliable control systems. In addition to traditional industrial processes, rapid increases in the connectivity of operational technology through the Internet of Things raise new challenges for control systems security. ICS-CERT continues to work with its government and private sector partners to identify, understand, and mitigate cyber threats to control systems and the CI they support."
Department of Homeland Security: https://www.dhs.gov/