2013. — 10 с.If you read the news, you know that control systems and critical infrastructure are increasingly becoming targets and victims of cybercrime. In 2010, news broke about Stuxnet, an incredibly sophisticated worm designed to sabotage control systems. While this most sophisticated, targeted worm broke through layers of defense to damage specific power systems, the vast majority of failures require far less sophistication. In fact, a coordinated attack labeled Night Dragon targeted efforts by cybercriminals to steal information from several large energy companies using common tools. Regardless of the level of sophistication, one thing most attacks have in common is an expectation that human defenses will fail. In these industry-specific attacks, attackers count on humans to fail.
There are numerous documents available to help design and apply an appropriate company and system security posture, such as Ten Tips for Improving the Security of Your Assets. However, this paper addresses the responsibility of the personnel operating computers in a control system or substation automation system. Because computers provide more and more useful information to operators, they become larger targets for unauthorized access. They also become more critical to the ability of operators to perform their duties effectively. This paper discusses practical methods to know the status of your system and computers, protect them from unauthorized access, and choose the best replacement to support business continuity or disaster recovery.
