|
Introduction
If you are a Chief Executive Officer (CEO) of a utility, transport or broadcasting company your organisation uses Supervisory Control and Data Acquisition (SCADA) systems.
SCADA systems are a crucial part of a nation's critical infrastructure. They are also crucial to the continuity of your business. Therefore you need to think about how to secure your systems in the advent of an electronic attack.
This paper is provided to you as independent advice from the Trusted Information Sharing Network* and is designed to make you aware of some of the security issues associated with SCADA networks. It does not discuss the technical aspects of SCADA security. Rather, its objective is to outline in broad terms issues that you should be aware of in relation to SCADA security. The paper concludes with some questions that you might ask your Chief Information Officer (CIO) regarding the security of your organisation's SCADA operations.
The integration of SCADA systems with technologies such as the Internet and wireless means that security is an important issue for these systems. While physical security has always been a priority for such systems, the new threat is that of cyber or electronic attacks. Such attacks can come from a host of sources ranging from recreational hackers to terrorists, disgruntled employees or contractors. The ever increasing extortion attempts on on-line gambling systems are a case in point.
An Australian example of what can happen in the event of a SCADA electronic attack is discussed on page 6 along with a case study of an Internet based threat to a SCADA system.
Some issues for CEOs to think about:
- Consider the ramifications of your SCADA system going "down" or false commands given to your infrastructure due to a cyber attack. Consider also the effect it might have on both your bottom line and your reputation for service delivery.
- Is your SCADA security system robust enough to counter an electronic attack or at least minimise its effects?
- Is your SCADA system controlled in-house or is it outsourced which makes system oversight challenging?
« Prev | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Next »
Disclaimer »
|
