D6 · Network+

What is ICMP and its security implications?

ICMP is used for network diagnostics (ping, traceroute) and error reporting. Security risks: ICMP flood (DDoS), ICMP tunneling (covert data channel), ping sweep (reconnaissance).
Many organizations block outbound ICMP. ICMP tunneling encodes data in ping packets for C2; an IDS can detect it by inspecting the payload. Disable ICMP redirect messages on routers, because accepting redirects allows MITM routing.