Industrial Defender has published a 12 page white paper titled, ‘Report from the field: seven best practices for automation system cyber security and compliance.’ Advanced persistent threats from industrial espionage and viruses like Stuxnet and Duqu are on the rise. At the same time there is a push for more open systems à la smart grid and for interconnection of business and control systems. The relationship between industrial operations and corporate IT is complex and responsibilities may not align with day-to-day activities.
Automation professionals’ responsibilities have extended to security and compliance and this has led to overlapping responsibilities and constrained resources. The recommendations cover security and compliance staffing, secure perimeter firewall and router configuration, proper software patch monitoring and updating, proper separation of corporate and plant networks and good password management. Third-party software with weak default configurations is to be avoided or mitigated. Good documentation of ports and services used is necessary to minimize penetration opportunities.
© Oil IT Journal - all rights reserved.