Re: First real-world SCADA attack in US

["Michael Painter" <tvhawaii () shaka com>]

Hal Murray wrote:
> > Like any of the decades largest breaches this could have been avoided by
> > following BCP's.  In addition SCADA networks are easily protected via
> > behavioral and signature based security technologies.
>
> Is there a BCP that covers security for SCADA?
>
> Note that Google for "BCP SCADA" finds
>  BS-25999 Business Continuity Plan Implementation Checklist ...
>
> ----------
>
> Suppose a friend of yours was a low-level geek working for either a
> user/operator of a SCADA system or a vendor of software/hardware for that
> market.  If he asked you for info about security, where would you send him?
> (Assume he knows all about SCADA but little about networks or security.)
>
> For that matter, is there any good security info for small to medium sized
> businesses?  Say a local store, travel agency, or doctor/dentist.


I'd tell them to go here:

http://www.securityfocus.com/

And subscribe to, at least, the Security Basics list and ask their question (s) there.

" Security-Basics
This list is intended for the discussion of various security issues, all for the security beginner. It is a place to learn 
the ropes in a non-intimidating environment, and even a place for people who may be experts in one particular field but 
are looking to increase their knowledge in other areas of information security.
The Security-Basics mailing list is meant to assist those responsible for securing individual systems (including their own 
home computer) and small LANs. This includes but is not limited to small companies, home-based businesses, and home users. 
This list is designed for people who are not necessarily security experts. As such, it is also an excellent resource for 
the beginner who wants a non-threatening place to learn the ropes."