So how do you discover if any of these vulnerabilities are present in the applications deployed on your ICS network? The answer is by testing all of the installed applications for vulnerabilities. And I emphasize all of the installed applications because you first need to know all of the applications that are running on the ICS network. This is where asset management procedures will help. We discussed this in a previous chapter. You cannot secure what you don't know you have. Maintaining an up-to-date asset list with information that includes software versions, patching levels and firmware revisions should be your highest priority.
With an accurate asset list you can compare the revision and patch levels of each application on the ICS network against a list of known vulnerabilities for the application. This process can be done manually or with the help of an automated tool like the previously discussed Nessus scanner or the OpenVAS vulnerability scanner that we...