nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Energy sector biz hackers are back and badder than ever before

Silver badge

Segmenting networks with firewalls, improved access controls and patching are needed to better defend infrastructure sector firm from potential attack, he added.

Maybe I'm missing something but why not add, remove Internet access to such things as the generator controls, generator protection devices, etc. to the warnings? All the critical equipment should be on it's own network without access to the Internet.

5
0
Anonymous Coward

All the critical equipment should be on it's own network without access to the Internet

You'd still need things like leased lines to run the SCADA. And against a nation state grade actor, tapping into a leased line is probably relatively easy. I'd expect that anybody wanting to target another country would have "plants" in the target country's telecom sector. Stuxnet didn't get into Iran's centrifuges via the internet, so it all begs the question, what are you seeking to protect from whom?

3
1
Anonymous Coward

There are standards...

@Mark

There are CIP (Critical Infrastructure Protection) standards in place today that address your concerns about network isolation, strong authentication, SCADA access, etc. (http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx)

If you're feeling bored browse through the 11 "Subject to Enforcement" standards - they're actually quite good and many have roots in the NIST guidance. The real question is whether they are being followed, how often audits are occurring, and the effectiveness of deterrents (fines) for failing to comply.

Anyone who does get compromised and taken down is going to have some 'splaining to do, but that won't help those sitting in the dark.

4
1
Anonymous Coward

Risks of coming to El Reg

I hope El Reg treats the 'watering hole' aspect with the attention it deserves.

1
0
Anonymous Coward

Squirrels are still winning

With both Ukraine attacks + stuxnet, that's still only 3 successful cyberattacks... squirrels are at 1000+...

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing