Key Security Resources

Though following practical advice from technology suppliers is a key aspect of securing your operations, so too is learning all you can about the industrial cyber security issue. Since the nature of computer network exploits makes it impossible to create a silver bullet layer of protection against potential threats, its incumbent for everyone in industry to learn as much as possible about it.

• One of the more highly recommended documents for further reading is the Department of Homeland Security’s “Cyber Security Procurement Language for Control Systems.” (You can access it via http://1.usa.gov/ZXuMs4.) This 120-page document details some 48 parameters of control systems, explains the vulnerabilities and offers example procurement language that asks the supplier to talk about the vulnerabilities.

• SANS, a cooperative cyber security research and development organization that reaches more than 165,000 security professionals worldwide, offers its “Twenty Critical Controls for Effective Cyber Defense” report at http://www.sans.org/critical-security-controls. This report delves deeply into authorized and unauthorized devices, secure configurations both by entity (computers, servers, devices) and by network as well as maintenance and monitoring.

• To keep up to date with the front lines of the cyber security war, visit the Cyber Security Forum Initiative at www.csfi.us. Joel Langill of SCADAHacker.com, who was quoted in this article, is the director of critical infrastructure and SCADA for this group.

• Speaking of Joel Langill, he has amassed an extraordinarily thorough collection of documents, videos, sound files and more under a broad range of topics on his SCADAHacker site: http://scadahacker.com/library.

>> Read Automation World's complete coverage: An Education in Cyber Security

More in Home