BreachExchange mailing list archives
SCADA risk awareness, threats and breaches
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 26 Mar 2014 18:57:50 -0600
http://net-security.org/secworld.php?id=16574

SANS announced results of its 2014 Survey on control system security, in which 268 IT professionals answered questions about their overall risk awareness, trends in threats and breaches, and effective means to mitigate vulnerabilities with regard to SCADA/ICS.

"Attacks on control systems are on the rise," says Matt Luallen, SANS Analyst and author of this survey. "Budgets for cybersecurity in SCADA ICS environments remain very slim, and organizations continue to be dependent on limited resources and staffing to detect breaches and attacks."

In the year since SANS' last survey on this topic, the number of entities with identified or suspected security breaches has increased from 28% to nearly 40%. Only 9% can say with surety that they haven't been breached.

Organizations want to be able to protect their systems and assets, which include computer systems, networks, embedded controllers, control system communication protocols and various physical assets. Respondents also noted they strive to protect public safety; increase leadership risk awareness; and expand controls pertaining to asset identification, communication channels and centralized monitoring.

Still, many organizations do not or cannot collect data from some of the most critical SCADA and ICS assets, and many depend on trained staff, not tools, to detect issues. Alarmingly, according to the survey, 16% have no process in place to detect vulnerabilities.

Interestingly, the survey noted a merging of ICS security and IT security. "Respondents indicated that ICS security is being performed by specialists reporting to both engineering and IT," says Derek Harp, business operations lead for ICS programs at SANS. "This places a real priority on cross-departmental coordination, effectively bridging competencies and building (as well as assessing) skill in an organized manner."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/