SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Size: px
Start display at page:

Download "SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP"

Transcription

1 SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

2 Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations Schneider Electric Seminar - 2

3 SCADA Systems An application of computer technology which: gathers information from field devices displays it for use by an operator executes automatic control sequences stores and displays data for analysis. Schneider Electric Seminar - 3

4 Elements of a Typical SCADA System Laptop VPN / Dial up PDA Remote Communications Terminal Server Wireless Network Device Workstation Workstation Server Radio Ethernet SCADA Control Center Interface to Remote Areas Clearwell PLC Control Panels Field Devices Human Machine Interface (HMI) M MCC S-2 Historical Server Comm Tower Field Controller. Clearwell Pump Venturi Flow Tube To Distribution Networks CL2, Turbidity, Conductivity, ph Analyzers Schneider Electric Seminar - 4

5 SCADA Systems vs. IT Systems Some Common Characteristics Internet Protocol (IP) based systems Ethernet networks Servers and Workstations PC based Windows Operating Systems Network Connectivity Schneider Electric Seminar - 5

6 SCADA Systems vs. IT Systems SCADA shares many characteristics with IT systems, but SCADA also has: Direct effect on the real world Significant impact on environment Risks to health and safety of human lives Mission Criticality Real Time / High Availability IT Security techniques are a good foundation for SCADA Security Schneider Electric Seminar - 6

7 SCADA System Risk Factors Standard Protocols and Technologies Vulnerabilities known to hackers/attackers Connections from control network to other networks Corporate WAN/Internet Rogue or Unknown Connections Public Information on Common Control Platforms Easy to understand HMI Graphics Schneider Electric Seminar - 7

8 SCADA System Threats Attackers Hackers Insiders Disgruntled employees or former employees Spyware/Malware Terrorists Schneider Electric Seminar - 8

9 SCADA System Threats Control System Disruptions Lack of Monitoring Inability to control Unauthorized Changes Alarm Setpoints Control Setpoints False Information to Operators Virus Introduction Schneider Electric Seminar - 9

10 Do We Really Need to Worry? Worcester Air Traffic Communications 1997 Hacker disabled multiple comm systems Maroochy Shire Sewage Spill 2000 Disgruntled job applicant hacked into remote control systems CSX Train Signaling System 2003 Sobig computer virus - Infection shut down signaling, dispatching and other systems Schneider Electric Seminar - 10

11 Do We Really Need to Worry? Davis-Bessey Nuclear Power Plant 2003 Slammer worm: Disabled Safety Monitoring System, Failure of Process Computer (plant was not operating) Northeast Power Blackout 2003 SCADA failure contributed to blackout Bellingham Washington Gas Pipeline Failure 1999 SCADA failure allowed overpressure, contributed to incident Schneider Electric Seminar - 11

12 Potential SCADA Vulnerability Types Policy and Procedure Control Platform Hardware Software Configuration Network Systems Schneider Electric Seminar - 12

13 Policy and Procedure Considerations Security Policies & Procedures Training Disaster Recovery Change Management Develop Security Policies SCADA Specific Disaster Recovery Plan Monitor for current issues (WaterISAC, US-CERT list) Schneider Electric Seminar - 13

14 Low Hanging Fruit Policies and Procedures Software Backups SCADA Configuration PLC Programs Historical Data System Documentation Security Awareness Training Schneider Electric Seminar - 14

15 Control Platform Considerations Hardware Software Configuration Schneider Electric Seminar - 15

16 Control Platform Considerations Hardware Physical Security of Critical Systems Redundancy for Critical Components Backup Power Environmental Controls Accidental remote access Schneider Electric Seminar - 16

17 Low Hanging Fruit Hardware Physical Security of SCADA Assets Separate Servers in Secure Location Limit Operator Access to USB ports Lock Field Equipment Cabinets and Enclosures Secure Cables in conduit to prevent damage (radio coax, etc.) Schneider Electric Seminar - 17

18 Control Platform Considerations Software Old/Outdated Operating Systems Patch Management for Operating Systems Patch Management for Control Software Virus Protection (Malware) Software Intrusion Detection Software Schneider Electric Seminar - 18

19 Low Hanging Fruit - Software Anti-Virus Software Verify with SCADA vendor, Deploy carefully Manage Signature Updates Intrusion Detection Software Handle similar to anti-virus software Schneider Electric Seminar - 19

20 Control Platform Considerations Configuration Critical Configuration Parameters Password Policies and Application Portable Devices (Laptop, PDA) Vendor Default Configurations Access Controls Schneider Electric Seminar - 20

21 Low Hanging Fruit Configuration Passwords / System Access Individual Passwords Strong Password requirements for privileged users Critical Processes consider impact on passwords if rapid response needed (e.g. UV Local Operator Interface) Define Access Control levels Schneider Electric Seminar - 21

22 Network Systems Considerations Security Perimeter Separated Networks (Control, Non-Control) Firewall Configuration Wireless Connections Wireless LAN Remote Telemetry Schneider Electric Seminar - 22

23 Typical SCADA Network Scheme Split Networks Laptop PDA Wireless Network Device Workstation Workstation SCADA Ethernet Network Radio SCADA Server SCADA Server Control Ethernet Network Historical Server Comm. Tower Schneider Electric Seminar - 23

24 Access to Corporate LAN/WAN Schneider Electric Seminar - 24

25 DMZ Architecture Laptop with VPN Business System Server (Typical) Internet Admin Network (LAN/WAN) Firewall to Internet Firewall to Admin LAN/WAN Laptop PDA DMZ Network Historical Server Wireless Network Device Workstation Workstation SCADA Ethernet Network Data Server Firewall SCADA Server SCADA Server Control Ethernet Network Schneider Electric Seminar - 25

26 CSSP Recommended Defense-In-Depth Architecture Schneider Electric Seminar - 26

27 Wireless Networks Plan your Installation Antennas placed to minimize exposure outside designated areas Configure your Hardware Unique SSID non-broadcast MAC Filtering Strong Security / Authorization Protocols Schneider Electric Seminar - 27

28 Remote Telemetry Physical Protection of Equipment Spread Spectrum Change Default Codes Licensed Consider Encryption Schneider Electric Seminar - 28

29 Resources Water Information Sharing and Analysis Center (WaterISAC) Department of Homeland Security Control Systems Security Program - NIST Industrial Control System Security Project ISA Security Compliance Institute - Process Control Systems Forum - NIST SP : Guide to Industrial Control Security Control Systems Cyber Security Self Assessment Tool (CS2SAT) Schneider Electric Seminar - 29

30 Summary SCADA System Security is a real concern. IT Cyber-Security Techniques are a good foundation for SCADA Security improvements. There are many simple improvements that can be made to enhance system security. Schneider Electric Seminar - 30

31 Questions? Terry M. Draper, PE, PMP

32 Potential SCADA Vulnerability Types Policy and Procedure Security Policies and Procedures Training Disaster Recovery Change Management Control Platform Hardware Software Configuration Schneider Electric Seminar - 32

33 Potential SCADA Vulnerability Types Network Systems Hardware/Software/Configuration Network Perimeter Network Monitoring and Logging Communications Wireless Connections Schneider Electric Seminar - 33

Designing a security policy to protect your automation solution

Designing a security policy to protect your automation solution Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...

More information

Three Simple Steps to SCADA Systems Security

Three Simple Steps to SCADA Systems Security Three Simple Steps to SCADA Systems Security Presented by: Gabe Shones, PE / Gilbert Kwan, PE Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL

More information

DeltaV System Cyber-Security

DeltaV System Cyber-Security January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...

More information

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance

More information

Best Practices for DanPac Express Cyber Security

Best Practices for DanPac Express Cyber Security March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Preventing Cyber Security Attacks Against the Water Industry

Preventing Cyber Security Attacks Against the Water Industry Preventing Cyber Security Attacks Against the Water Industry Presented by Michael Karl October 2012 Acknowledgements Infracri5cal SCADA Security Newsgroup CH2M HILL, Automa5on Cyber- Security Prac5ce Team

More information

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Security for. Industrial. Automation. Considering the PROFINET Security Guideline Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures

More information

Best Practices for DeltaV Cyber- Security

Best Practices for DeltaV Cyber- Security January 2013 Page 1 Best Practices for DeltaV Cyber- Security This document describes best practices will help you maintain a cyber-secure DeltaV digital automation system. www.deltav.com January 2013

More information

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

Security Policy for External Customers

Security Policy for External Customers 1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer

More information

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation.

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation. Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems Enzo M. Tieghi etieghi@visionautomation.it Security IT & Control System Security: where are we?

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

Cybersecurity Health Check At A Glance

Cybersecurity Health Check At A Glance This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial

More information

Best Practices For Department Server and Enterprise System Checklist

Best Practices For Department Server and Enterprise System Checklist Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)

More information

How Secure is Your SCADA System?

How Secure is Your SCADA System? How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

Verve Security Center

Verve Security Center Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Network/Cyber Security

Network/Cyber Security Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security

More information

DeltaV Cyber Security Solutions

DeltaV Cyber Security Solutions TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital

More information

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Introduction 1 Distributed SCADA security 2 Radiflow Defense-in-Depth tool-set 4 Network Access

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

13 Ways Through A Firewall

13 Ways Through A Firewall Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

ABB s approach concerning IS Security for Automation Systems

ABB s approach concerning IS Security for Automation Systems ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and

More information

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

Cyber Security in a Modern Process Network. Philip Nunn Product Manager - Industrial Networks

Cyber Security in a Modern Process Network. Philip Nunn Product Manager - Industrial Networks Cyber Security in a Modern Process Network Philip Nunn Product Manager - Industrial Networks 2 Philip Nunn Philip started work in the wider electrical industry with Crabtree Electrical, now a part of the

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

NETWORK SECURITY GUIDELINES

NETWORK SECURITY GUIDELINES NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus

More information

13 Ways Through A Firewall What you don t know will hurt you

13 Ways Through A Firewall What you don t know will hurt you Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter

More information

CYBER SECURITY. Is your Industrial Control System prepared?

CYBER SECURITY. Is your Industrial Control System prepared? CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect Operation & Optimization Software Activity Schneider-Electric Challenges What challenges are there

More information

8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day

8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,

More information

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.

More information

Network Security in Power Systems. Maja Knezev and Zarko Djekic

Network Security in Power Systems. Maja Knezev and Zarko Djekic Network Security in Power Systems Maja Knezev and Zarko Djekic Introduction Protection control Outline EMS, SCADA, RTU, PLC Attacks using power system Vulnerabilities Solution Conclusion Introduction Generator

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Decrease your HMI/SCADA risk

Decrease your HMI/SCADA risk Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Payment Card Industry Self-Assessment Questionnaire

Payment Card Industry Self-Assessment Questionnaire How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.

More information

United States Trustee Program s Wireless LAN Security Checklist

United States Trustee Program s Wireless LAN Security Checklist United States Trustee Program s Wireless LAN Security Checklist In support of a standing trustee s proposed implementation of Wireless Access Points (WAP) in ' 341 meeting rooms and courtrooms, the following

More information

IT Security for Process Control

IT Security for Process Control IT Security for Process Control Field Devices, Services and Maintenance INTERKAMA Forum, April 13 th, 2005 Slide 1 IT Security in Process Automation Content Why is this important? Security Measures in

More information

Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems

Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems Building Security into Your Industrial Internet Phillip Allison Tempered Networks Discussion topics Threats to network security TCP/IP

More information

Dr. György Kálmán gyorgy@mnemonic.no

Dr. György Kálmán gyorgy@mnemonic.no COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats

More information

Meeting IED Integration Cyber Security Challenges. Jacques Benoit Manager Cybectec Product and Technology Training Cooper Power Systems

Meeting IED Integration Cyber Security Challenges. Jacques Benoit Manager Cybectec Product and Technology Training Cooper Power Systems Meeting IED Integration Cyber Security Challenges Jacques Benoit Manager Cybectec Product and Technology Training Cooper Power Systems Jacques.Benoit@cybectec.com INTRODUCTION The Nature of the Risk Utilities

More information

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

The Leading Provider of Endpoint Security Solutions

The Leading Provider of Endpoint Security Solutions The Leading Provider of Endpoint Security Solutions Innovative Policies to Defend Against Next-Generation Threats Conrad Herrmann CTO and Co-Founder Zone Labs, Inc. Network Security Is an Uphill Battle

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Patching & Malicious Software Prevention CIP-007 R3 & R4

Patching & Malicious Software Prevention CIP-007 R3 & R4 Patching & Malicious Software Prevention CIP-007 R3 & R4 Scope Compliance Assessment Summary Introspection & Analysis Program-In Review Maturity Model review Control Design review Process Components of

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

The SCADA Security Challenge: The Race Is On

The SCADA Security Challenge: The Race Is On The SCADA Security Challenge: The Race Is On Steven S. Smith November 25, 2006 Abstract SCADA is not a term many are familiar with but ironically it plays a very important role in our daily lives. Supervisory

More information

Building Secure Networks for the Industrial World

Building Secure Networks for the Industrial World Building Secure Networks for the Industrial World Anders Felling Vice President, International Sales Westermo Group Managing Director Westermo Data Communication AB 1 Westermo What do we do? Robust data

More information

1B1 SECURITY RESPONSIBILITY

1B1 SECURITY RESPONSIBILITY (ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Industrial Communication. Securing Industrial Wireless

Industrial Communication. Securing Industrial Wireless Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...

More information

SCADA SYSTEMS AND SECURITY WHITEPAPER

SCADA SYSTEMS AND SECURITY WHITEPAPER SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more

More information

SHOULD I BE CONCERNED ABOUT CYBER SECURITY? OR IS THE BETTER QUESTION WHAT IS CYBER SECURITY?!!!?

SHOULD I BE CONCERNED ABOUT CYBER SECURITY? OR IS THE BETTER QUESTION WHAT IS CYBER SECURITY?!!!? SHOULD I BE CONCERNED ABOUT CYBER SECURITY? OR IS THE BETTER QUESTION WHAT IS CYBER SECURITY?!!!? What we are not going to discuss: Understand, I am not a computer guru. My knowledge is probably more limited

More information

Securing Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case

Securing Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

By David G. Holmberg, Ph.D., Member ASHRAE

By David G. Holmberg, Ph.D., Member ASHRAE The following article was published in ASHRAE Journal, November 2003. Copyright 2003 American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc. It is presented for educational purposes

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

On-Site Computer Solutions values these technologies as part of an overall security plan:

On-Site Computer Solutions values these technologies as part of an overall security plan: Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and

More information

How are we keeping Hackers away from our UCD networks and computer systems?

How are we keeping Hackers away from our UCD networks and computer systems? How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

10605164 Medical Networks and Operating Systems

10605164 Medical Networks and Operating Systems Western Technical College 10605164 Medical Networks and Operating Systems Course Outcome Summary Course Information Description Instructional Level Total Credits 4.00 Total Hours 108.00 A course studying

More information

SCADA Cyber Security

SCADA Cyber Security SCADA Cyber Security Information on Securing SCADA systems Version: 1.0 Erik Daalder, Business Development Manager Yokogawa Electric Corporation Global SCADA Center T: +31 88 4641 360 E: erik.daalder@nl.yokogawa.com

More information

New Era in Cyber Security. Technology Development

New Era in Cyber Security. Technology Development New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01 JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT Test Code: 4514 Version: 01 Specific Competencies and Skills Tested in this Assessment: PC Principles Identify physical and equipment

More information

California State Polytechnic University, Pomona. Desktop Security Standard and Guidelines

California State Polytechnic University, Pomona. Desktop Security Standard and Guidelines California State Polytechnic University, Pomona Desktop Security Standard and Guidelines Version 1.7 February 1, 2008 Table of Contents OVERVIEW...3 AUDIENCE...3 MINIMUM DESKTOP SECURITY STANDARD...3 ROLES

More information

Network Instruments white paper

Network Instruments white paper Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features

More information

Cybersecurity in the Water Sector. Copyright 2015 American Water Works Association

Cybersecurity in the Water Sector. Copyright 2015 American Water Works Association Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process

More information

Network Security Guidelines. e-governance

Network Security Guidelines. e-governance Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

RuggedCom Solutions for

RuggedCom Solutions for RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application

More information

IPS Anti-Virus Configuration Example

IPS Anti-Virus Configuration Example IPS Anti-Virus Configuration Example Keywords: IPS, AV Abstract: This document presents a configuration example for the AV feature of the IPS devices. Acronyms: Acronym Full spelling IPS AV Intrusion Prevention

More information

Sound Transit Seattle WA SCADA Overview. Presented by: Ted Ellis IT Department SCADA Team Lead

Sound Transit Seattle WA SCADA Overview. Presented by: Ted Ellis IT Department SCADA Team Lead Sound Transit Seattle WA SCADA Overview Presented by: Ted Ellis Department SCADA Team Lead What We Do Plan, Build and Operate Express Bus Light Rail Commuter Train Where we operate Seattle urban area 3

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information