Agenda. The fastest 30 minutes in cyber security history; Introductions; The Threat; NERC CIP Requirements; CIP Program Rollout; Cyber Security Program Strategy; Questions. Coalfire Overview. IT Audit and Compliance Management. Regulatory Backdrop. Regulatory Environment is a New Challenge for IT Professionals.
2. The fastest 30 minutes in cyber security history
Introductions
The Threat
NERC CIP Requirements
CIP Program Rollout
Cyber Security Program Strategy
Questions
3. Coalfire Overview
4. Regulatory Backdrop
Relevant points:
Laws are rapidly emerging for protection of information security
The Computer Security Act of 1987 was largely aimed at assuring citizens that the Federal government, as custodian of sensitive personal information, had a duty to protect that information.
Laws are evolving rapidly at state levels
5. Why Protect Infrastructure?
6. Strategic Barriers
7. Trends – The Risk is Growing
13. CIP Program Approach
14. 21 Steps to Improve Cyber Security
15. Segment SCADA Network
16. Top 5 Risk Mitigation Steps
Segment SCADA systems (Diagram system boundaries)
Test Segmentation of SCADA Systems (Do not rely on proprietary protocols)
Restrict Remote Access
Contact your System Vendor for Secure Configurations and Operations Guides
Develop a good Incident Response Plan
17. References
Idaho National Labs – Vulnerabilities Report: http://www.controlsystemsroadmap.net/pdfs/INL_Common_Vulnerabilties.pdf
NIST SP 800-82: http://csrc.nist.gov/publications/drafts/800-82/draft_sp800-82-fpd.pdf
NERC - Top 10 Vulnerabilities of Control Systems: http://www.controlsystemsroadmap.net/pdfs/NERC_2007_Top_10.pdf
GAO Report on Continuing Security Weakness: http://www.controlsystemsroadmap.net/pdfs/GAO_2007_CS_Challenges_Remain.pdf
21 Steps to Improve SCADA System Security: http://www.controlsystemsroadmap.net/pdfs/21_steps_to_Improve_Cyber_Security_of_SCADA_Networks.pdf
18. Thank You