Control system security: safety first
by Andrew Ginter - VP of industrial security, Waterfall Security Solutions - Wednesday, 30 October 2013.
These leaders are concluding that making operational networks rely on corporate IT servers in the name of IT/OT integration is a serious vulnerability. The secure way to apply IT processes, skills and infrastructures to operations networks is to deploy unidirectionally-protected parallel infrastructures on operations networks. A separate domain controller infrastructure for operations networks for example, allows IT technologies and processes to be applied to operations networks, without introducing dangerous dependencies on IT infrastructure servers which are exposed to constant threat on Internet-connected networks. Separate operations WANs and operations infrastructures allow businesses to exploit IT technologies, skills and procedures, without exposing operations networks to attacks originating on IT networks.

As a second layer of defense, leading device manufacturers are looking at incorporating application control technology or “whitelisting” to prevent Windows-based devices from falling prey to run-of-the-mill viruses, and to mitigating the slow patching cycles that are part of the engineering change control (ECC) discipline which is so essential to managing control-system networks. Specifying application-control protections in devices should become common practice when upgrading equipment.

Preparation for cyber sabotage starts now

Large, private-sector, critical-infrastructures have yet to suffer a major cyber-sabotage incident, but given the trends in attack capabilities and given the lack of corresponding defensive capabilities deployed at a majority of critical infrastructure sites, such an incident is just a matter of time. IT-OT convergence and IT-style security make plants more vulnerable to certain classes of attacks, not less vulnerable. To maintain control of massive investments in industrial processes, and to ensure safe, uninterrupted operations in the face of modern cyber threats, industry leaders need to reevaluate their approach to cyber security in their integrated IT/OT systems, and take action.

Spotlight

How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victim’s financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if you’re using a RF-based card, along with our top safety tips to keep your payments secure.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //