A key piece of the puzzle when securing critical infrastructure is doing the basics right. So often we hear of stories such as the PC that was leaking data from a Japanese power plant. Dale Peterson from Digital Bond has posted a piece on just that, doing to basic security stuff right. This is an excellent post.
Certain information such as network and physical diagrams, incident response plans, list of critical cyber assets, SCADA software or PLC model information, and security assessment results can be a great help to an attacker. In fact, most security assessments begin with a reconnaissance phase to identify critical information.
A method for protecting Critical Information should be in place for both electronic distribution, such as email, and physical distribution, such as CD, DVD and USB drives.
A while back we wrote a white paper listing and comparing four different approaches to securing Critical Information that never made it to the site. Here is a summary of the four approaches.
For the article read on.
[tags]SCADA, Digital Bond, SCADA Security, Encryption[/tags]