Yes, I’m serious. Not only must control systems be scanned, but they must be scanned aggressively to determine if servers and workstations can be taken down or have their integrity compromised.
We have been scanning control systems since 2000, taken many control system devices down, but never affected operations. There are only three reasons (and none of them acceptable) not to scan control systems.
- Lack of redundancy
- Lack of recovery
- Improper scanning methodology
An excellent post by Dale Peterson from Digital Bond. Read on.
[tags]SCADA, SCADA Security, Control Systems[/tags]
