With respect to Internet boundaries, most practitioners intuitively understand the need to place key security systems, such as authentication servers, inside the perimeter. However, in control network environments this need is often overlooked. Control network perimeters exist to provide some measure of protection from all external networks, including general purpose corporate networks. Key security systems […]
Archive | NCSAM RSS feed for this section
2012 NCSAM Tip #11
Read More 0 Comments
2012 NCSAM Tip #10
Need to transfer files within your control environment from system to system? Avoid using insecure methods to do so, such as FTP or NFS. SFTP and Secure Copy are common options – the overhead is low and the potential net positive security “goodness” is high! Take a look at this comparison document for a few more secure […]
Read More 0 Comments
2012 NCSAM Tip #9
Security innovation has no boundaries! We are often looking for solutions in our own backyard – attending sector-specific security events and calling upon our peer utilities for help. We should continue doing that…but, we also should look outside our industry. Industrial Control Systems are used throughout the world in a variety of industries. There is […]
Read More 0 Comments
2012 NCSAM Tip #8
Control system security relies heavily on its network perimeter designs and isolation techniques. It isn’t also the design that wins or loses the control system security game. More frequently, it is the configuration management of that perimeter environment. Be sure to focus attention on uni-directional and bi-directional data streams between the business networks and control […]
Read More 0 Comments
2012 NCSAM Tip #7
Cybersecurity for SCADA systems requires tremendous due diligence. Such efforts can be applied in many areas; however, focusing on strong security plans for SCADA technology projects at the onset will save time and money in the end. Work closely with the operation teams during such projects to assure that the security requirements are meeting the […]
Read More 0 Comments
2012 NCSAM Tip #6
Especially in a control system environment, consider employing realtime up-to-date removable media malware scanning stations and require all incoming USB sticks, CDs, and other media to be scanned at these stations prior to use. Control environments should be isolated as much as possible perhaps even completely separated from any other network. Using removable media to transfer data (informally […]
Read More 0 Comments
2012 NCSAM Tip #5
In order to determine how to configure your cyber security measures and controls in a manner which supports the improvement of your cyber security posture in addition to any compliance requirements, consider developing common attack scenarios and threat trees. These should include “bad guy” motivations and your specific business risks. Compare the attack scenarios and […]
Read More 0 Comments
2012 NCSAM Tip #4
These days, everyone has more passwords than they can possibly remember. Why bother even trying? There are numerous products available that will store passwords with relative security. Use of these tools enables one to use longer and more complex passwords, and more importantly, unique passwords for every account.This greatly reduces the risks associated with compromised […]
Read More 0 Comments
2012 NCSAM Tip #3
Have your technology systems been compromised by hostile parties? Would you know if they were? Building an appropriate level of security situational awareness is no easy task, and can take significant time and financial resources. Still, you must start somewhere, and even simple, quick measures can provide real value. Visibility into network traffic, and adequate […]
Read More 0 Comments
2012 NCSAM Tip #2
Security training in the control environment must be specific to the employees role. If the person being trained is instructed on the details of database access control management or how PKI’s famous Bob and Alice maintain their secrets using asymmetric key methods but has no responsibility or oversight of those functions, it is going to be difficult to command […]
Read More 0 Comments
