Transportation Security  | Physical Security  | Penetration Testing  | Firewall Pro  | Network Security  | S.C.A.D.A.  | H.I.P.A.A.  | eBanking  | Kids' Password  
InfoSecPro.com


InfoSecPro.com provides corporations with leading-edge computer and network security solutions.
Our staff of Certified Information Systems Security Professionals (CISSP), Microsoft Certified Systems Engineers (MCSE) and Cisco Certified Network Associates (CCNA) will provide the best cost-effective security solutions.

 

Let us configure your network infrastructure to provide you with the security level you need.

Contact us at:

InfoSecPro.com
PO Box: 291
Purchase, NY 10577-0291
732-763-2814
tibi@infosecpro.com
www.infosecpro.com

S.C.A.D.A.


The security of Supervisory Control and Data Acquisition (S.C.A.D.A.) systems and Distributed Control Systems (D.C.S.) is of utmost importance.
The fact that the SCADA networks are private provides a great deal of security. Hackers simply cannot access the network from any off-site location. Keeping SCADA computers "disconnected" from the outside world, including the Internet, isolates the system from an awful lot of risks. The problem is that there are too many benefits in connecting to the outside world. Numerous information services are available via the Internet. Equipment suppliers can perform maintenance via the Internet. You can make operations information available anywhere in the world. If you want your system "connected", prudent use of firewalls and cyber security measures is mandatory.

Cyber attacks on energy production and distribution systems (electric, oil, and gas), on water treatment and distribution systems, and on chemical plants containing potentially hazardous substances could endanger public health and safety and cause serious damage to the environment.
Attacks on any of the process control industries could result in serious financial implications, including loss of production, generation or distribution of a product, compromise of proprietary information and creation of liability issues.

The Common Criteria for Information Technology Security Evaluation, also known as ISO/IEC 15408, is being used to evaluate the security of Distributed Control Systems (D.C.S.) and Supervisory Control and Data Acquisition (S.C.A.D.A.) systems. InfoSecPro.com can help construct an action plan for an information security program to put the organization on a trajectory for effective SCADA asset protection and regulatory compliance.

Typically, the security of the SCADA or DCS environment depends significantly on how the SCADA environment is blended with the greater corporate network. The following questions should be considered:

- Do operators need Internet access? How is that provided?
- Is there a distinct boundary between the SCADA and corporate networks? Are there firewalls, or other network controls, between the SCADA network and the corporate network?
- Are trust relationships used in the administration of servers between a domain within the SCADA environment and one or more domains outside it?
- Is there remote access to the SCADA environment for support purposes? How is that provided?
- Who are the users of the data acquired by the SCADA network? Where are they located? What data do they require to get their jobs done? How do they access that data?

The security assessment will include:

* Information Criticality Matrix, based on the mission statement and policy
* System Criticality Matrix, based on logical and physical diagrams
* System Security Environment Analysis, of customer constraints and concerns
* Technical Assessment Plan and Reports, in compliance with the NSA IAM Baseline INFOSEC Classes and Categories, as follows:

  • Management
    • INFOSEC documentation
    • INFOSEC roles and responsibilities
    • Contingency planning
    • Configuration management
  • Technical
    • Identification and authentication
    • Account management
    • Session controls
    • Auditing
    • Malicious code protection
    • Maintenance
    • System assurance
    • Networking/connectivity
    • Communications security
  • Operational
    • Media controls
    • Labeling
    • Physical environment
    • Personnel security
    • Education, training and awareness

InfoSecPro will validate your network against the corporate security policy and known Internet attacks. Risk analysis will be performed using the industry standard risk profile matrix. The Security Analysis Report will document any exploits found. The Security Analysis Report will suggest possible security solutions to alleviate the vulnerabilities.

ISO 17799, the Code of Practice for Information Security Management, is a standard which describes a management framework within which an organization can examine and improve its security posture.

Our services provide solutions for Network Security by:

  • Vulnerability scanning
  • Deployment of firewalls
  • Patch management
  • Use of Intrusion Detection Systems
  • Establishing Virtual Private Networks (VPNs)
  • Deployment of encryption applications (PGP) and secure protocols
  • Wireless Network Security measures and audits
  • Video Surveillance, with Digital, Analog or Ethernet video cameras.

Some potential vulnerabilities and suggested countermeasures are included in the following Security Checklist.

Resources:

Department of Defense Trusted Computer System Evaluation Criteria

Department of Defense Information Technology Security Certification and Accreditation Process

Office of Management and Budget - CIRCULAR NO. A-130

Security Guidelines by American Petroleum Institute

NIST DRAFT Special Publication 800-26, Revision 1: Guide for Information Security Program Assessments and System Reporting Form

Risk Management Guide for Information Technology Systems


Copyright © 2007 InfoSecPro.com™
No material may be reproduced without written permission.