SCADA/ICS security resources


Techno Security's Guide to Securing SCADA: A Comprehensive Handbook On Protecting The Critical Infrastructure edited by Jack Wiles (~US$64 from Amazon) is a compilation of essays from SCADA and infrastructure security experts.

Security Assessment of SCADA Protocols - A Taxonomy Based Methodology for the Identification of Security Vulnerabilities in SCADA Protocols by Vinay M. Igure (~US$58 from Amazon) delves into security issues in the c. 200 specialized real-time protocols used by SCADA/ICS devices to communicate via SCADA networks.

Here’s a good overview of SCADA security risks and controls.

A professional penetration tester describes common network security vulnerabilities in SCADA systems, including those managing the engines on a Boeing 747.

As part of its interest in Critical Infrastructure Protection (CIP), NIST runs the Process Control Security Requirements Forum (PCSRF), “a resource for users, vendors, and third parties in the process control industry who are concerned about information security in an increasingly networked world”. NIST has also released a final draft of SP 800-82 Guide to Industrial Control Systems (ICS) Security, a typically detailed NIST publication (over 150 pages!).

The UK Government’s Centre for Protection of National Infrastructure (CPNI) provides a set of SCADA security good practice guides.

21 steps to secure SCADA outlines a systematic process to review and where necessary improve SCADA security.

Blackhat conference presentation SCADA security & terrorism - we are not crying wolf includes a list of well known SCADA security incidents (as of 2006 anyway) plus case study examples from SCADA penetration tests and several helpful overview diagrams for those new to SCADA/ICS security.

Find out about planned SCADA conferences.

The International Society of Automation (ISA) publishes SCADA security standards.

“Modern automation systems used in infrastructure (including Supervisory Control and Data Acquisition, or SCADA) have myriad security vulnerabilities. Many of these relate directly to inadequate security administration, which precludes truly effective and sustainable security ... One of the most common problems seen in modern SCADA environments is the lack of a SCADA-specific security policy. Other vulnerabilities include poor account maintenance, insecure network connections, and a lack of maintenance and monitoring of equipment.” said Dominique Kilman and Jason Stamp of Sandia National Laboratories in their Framework for SCADA Security Policy paper.  Such security vulnerabilities are especially worrisome in relation to SCADA for nuclear facilities, for obvious reasons.


Related NoticeBored links collections

Information security risk management, incident management, compliance, contingency planning, physical security and governance


NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk.  Please let us know about new or broken links.



Copyright © 2012  IsecT Ltd.