CISSP · Question #469
An organization operates a legacy Industrial Control System (ICS) to support its core business service, which carrot be replaced. Its management MUST be performed remotely through an administrative co
The correct answer is B. Air-gap and harden the host used for management purposes. The question asks how to best manage the risk of a legacy ICS that requires remote management through a vulnerable Java-based administrative console that cannot be replaced.
Question
Options
- AIsolate the full ICS by moving It onto its own network segment
- BAir-gap and harden the host used for management purposes
- CConvince the management to decommission the ICS and mitigate to a modem technology
- DDeploy a restrictive proxy between all clients and the vulnerable management station
How the community answered
(41 responses)- A24% (10)
- B56% (23)
- C12% (5)
- D7% (3)
Why each option
The question asks how to best manage the risk of a legacy ICS that requires remote management through a vulnerable Java-based administrative console that cannot be replaced.
Isolating the entire ICS onto its own network segment reduces exposure but does not directly address the vulnerability in the management console's JRE, which could still be exploited by anyone with access to that segment.
Air-gapping the management host isolates it from the broader network, preventing the vulnerable JRE from being exposed to network-based attacks, while hardening the host reduces the attack surface by removing unnecessary services, applying strict configurations, and limiting access. This approach directly addresses the risk at the management station level - the specific point of vulnerability - without disrupting the ICS operations. It is the most practical and effective compensating control when the vulnerable software cannot be updated or replaced.
The question explicitly states the ICS cannot be replaced, making decommissioning not a viable option regardless of management persuasion.
Deploying a restrictive proxy may filter some traffic but does not adequately protect against the full range of JRE vulnerabilities, especially application-layer exploits that could pass through the proxy.
Concept tested: Compensating controls for legacy ICS with vulnerable dependencies
Source: https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-deployment
Topics
Community Discussion
No community discussion yet for this question.