Re: First real-world SCADA attack in US
Like any of the decades largest breaches this could have been avoided by following BCP's. In addition SCADA networks are easily protected via behavioral and signature based security technologies.
Is there a BCP that covers security for SCADA? Note that Google for "BCP SCADA" finds BS-25999 Business Continuity Plan Implementation Checklist ... ---------- Suppose a friend of yours was a low-level geek working for either a user/operator of a SCADA system or a vendor of software/hardware for that market. If he asked you for info about security, where would you send him? (Assume he knows all about SCADA but little about networks or security.) For that matter, is there any good security info for small to medium sized businesses? Say a local store, travel agency, or doctor/dentist. -- These are my opinions, not necessarily my employer's. I hate spam.
Hal Murray wrote:
Like any of the decades largest breaches this could have been avoided by following BCP's. In addition SCADA networks are easily protected via behavioral and signature based security technologies.
Is there a BCP that covers security for SCADA?
Note that Google for "BCP SCADA" finds BS-25999 Business Continuity Plan Implementation Checklist ...
----------
Suppose a friend of yours was a low-level geek working for either a user/operator of a SCADA system or a vendor of software/hardware for that market. If he asked you for info about security, where would you send him? (Assume he knows all about SCADA but little about networks or security.)
For that matter, is there any good security info for small to medium sized businesses? Say a local store, travel agency, or doctor/dentist.
I'd tell them to go here: http://www.securityfocus.com/ And subscribe to, at least, the Security Basics list and ask their question (s) there. " Security-Basics This list is intended for the discussion of various security issues, all for the security beginner. It is a place to learn the ropes in a non-intimidating environment, and even a place for people who may be experts in one particular field but are looking to increase their knowledge in other areas of information security. The Security-Basics mailing list is meant to assist those responsible for securing individual systems (including their own home computer) and small LANs. This includes but is not limited to small companies, home-based businesses, and home users. This list is designed for people who are not necessarily security experts. As such, it is also an excellent resource for the beginner who wants a non-threatening place to learn the ropes."
participants (2)
-
Hal Murray
-
Michael Painter