Awareness and training; Monitoring and incident response; System development and acquisition; and Interconnectivity of critical and non-critical systems.Oh, yes; I was particularly impressed that Andrew discussed “Business continuity and disaster recovery” and did not resort to using the current buzz word, ‘Resiliancy’. He does note that a good “cyber-security posture should include planning to ensure continuity of operations and facilitate restoration of all critical cyber assets”. In my mind this disaster recovery is especially important when the facility cyber assets can potentially control the release of toxic chemicals, prevent mixing of incompatible materials, or maintain safety-critical storage conditions. If these 13 challenges were all that were contained in this article it would be a valuable information source for CFATS security managers. But Andrew provides a special bonus in a side-bar entitled: “Field Surveys Provide Troubling Findings”. He provides a summary of cyber security information that Industrial Defender has compiled from critical infrastructure assessments that they have done over the last couple of years. The three “widespread cyber-security issues” will point cyber security managers at important potential flaws in their security posture that are well worth looking at. I certainly recommend that all CFATS security officers and cyber security officers read this informative article. Once again, a single article will not make you a cyber security expert, but it will give you an appreciation of the potential problems and allow you to talk to a real expert without feeling foolish.
Experts compete to find Ukraine grid hack 'smoking gun'
11 months ago