Monday, June 29, 2015

The Dragonfly campaign hangover in Spain - Almost one year after

We have good news!!!!
After almost one year, there are fewer Industrial Control Systems open to the Internet in Spain.

It has been a long campaign, but maybe someone has got the message and we have contributed to improving awareness.

Let's see how things are going next month.
Remember, always close the door to your SCADA!!!

Wednesday, June 24, 2015

Finding the needle in the Water Tank (At least, you should look for it)

The Water Management Cyber Security guide from the American Water Works Association (AWWA) leaves out certain critical controls on ICS networks.

Are we still in time in Spain to avoid this mishap?

I know I should be looking for the needle in the haystack, but looking for it in a wastewater tank is not easy either. When you have to protect the control networks of drinking water and wastewater treatment plants, you should be aligned with best practices and compliant with national regulation.

Since February 2014, the US has had the Cybersecurity Framework published by the National Institute of Standards and Technology (NIST). In that general framework, the detection of behavioural anomalies is recognised in the third function the Framework defines: Detect.

Under the Detect (DE) function there is the Anomalies and Events (AE) category, and under it the following subcategory is established:

· DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed.

(The need to detect anomalies in control networks is also found in the following standards: COBIT 5 DSS03.01, ISA 62443-2-1:2009 4.4.3.3 and NIST SP 800-53 Rev. 4 AC-4, AC-3, CM-2, SI-4)
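As an added illustration of what DE.AE-1 asks for (this is not code from the post, from AWWA or from NIST), the script below establishes a baseline of expected flows from a known-good learning window and then flags, with a reason, every later flow that falls outside it. The hosts, ports and flow records are all constructed for the example; a real deployment would feed it NetFlow or a span-port capture.

```python
# Added example (not from the original post): a minimal DE.AE-1 style flow
# baseline for a water-plant control network. All values are constructed.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

def parse_flows(text):
    """Parse records of the form 'src dst dport proto', one per line."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, dport, proto = line.split()
        flows.append(Flow(src, dst, int(dport), proto.lower()))
    return flows

def build_baseline(flows):
    """DE.AE-1 'establish': the flows observed during a known-good period."""
    return set(flows)

def classify(flow, baseline):
    """Why a flow is outside the baseline, from most to least severe."""
    known_hosts = {h for f in baseline for h in (f.src, f.dst)}
    if flow.src not in known_hosts or flow.dst not in known_hosts:
        return "unknown host"
    if any(f.src == flow.src and f.dst == flow.dst for f in baseline):
        return "new service between known peers"
    return "new peer pairing"

def find_anomalies(flows, baseline):
    """DE.AE-1 'manage': every flow not in the baseline, with its reason."""
    return [(f, classify(f, baseline)) for f in flows if f not in baseline]

# Constructed learning window: HMI (.1.10) and historian (.1.20) poll the
# PLCs (.2.1, .2.2) over Modbus/TCP port 502 and nothing else.
LEARNING = """
10.10.1.10 10.10.2.1 502 tcp
10.10.1.10 10.10.2.2 502 tcp
10.10.1.20 10.10.2.1 502 tcp
10.10.1.20 10.10.2.2 502 tcp
"""
# Constructed later window: baseline traffic plus three deviations.
LATER = """
10.10.1.10 10.10.2.1 502 tcp
10.10.1.10 10.10.2.1 80 tcp
10.10.2.1 10.10.1.20 502 tcp
192.0.2.44 10.10.2.2 502 tcp
"""

if __name__ == "__main__":
    baseline = build_baseline(parse_flows(LEARNING))
    for flow, reason in find_anomalies(parse_flows(LATER), baseline):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}: {reason}")
```

Flows that match the baseline are silent; a PLC initiating a connection, a new port between known peers, or an address never seen in the plant each produce a line, which is the kind of signal the AWWA cross reference leaves unaddressed.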

In the water sector, also in 2014, AWWA published its own cyber security framework, the Process Control System Security Guidance for the Water Sector. The guide includes a cross reference to the NIST Cybersecurity Framework, and the only two categories not addressed in that cross reference are the ones related to cyber security event detection!!!

Why is this? I don't really know, but what I do know is that continuous security monitoring is the only way to detect threats in your network and manage risk properly.

Now we are about to have our own water sector regulation in Spain, but… are we going to leave anomaly detection out of our permanent security measures too?

If so, we will never find the needle (or the virus) in our water tanks.