In my last post on the CCI Blog, I described how the American Water Works Association Cyber Security Framework didn't address the Cyber Security event detection measures for these control systems.
Today I saw a good tweet (as always) from our colleague Joel Langill (@SCADAhacker) advising about a new Tripwire study on Critical Infrastructure. In their study they stated that “86% energy security professionals believe they can detect a breach on critical systems in less than 1 week”, and suddenly I remembered the last CCI report on Industrial Cyber Security for Spain in 2015. According to that report, these were the Cyber Security solutions deployed on those Networks:
As you can see, SIEM, log correlation, IDS and IPS technologies are not very popular in such organizations, so the questions are:
- Who has responded to the Tripwire survey? (Surely not Spanish Industrial companies)
- If you are not monitoring cyber security events, how can you detect them?
- Why Duqu 2.0 has been hitting ?