SCADA Scandal; American Department of Energy (DoE); For systems that can be remotely controlled and monitored, smart grids and other collective applications have released 21-step security recommendations.
The history of these systems is based on classical IT technology, so information from the host would be distributed but now it has been combined with the network. However, the open document effect was felt in the published document, the reason for this; the principle of privacy is still seen as valuable.
The principles of transparency and confidentiality underlying security standards have become even closer. It was concluded that the silence principle in security breaches provides an advantage for malicious sites and software.
Open talks for all are a way to improve security. One of the most used methods in the vulnerability is the attack on software that looks at the errors in the software, which can be used to log in to the servers, and it is enough to log in to the applications or to turn off harmful content.
These software flaws have been discussed in open forums and sessions in which a lot of people attend to provide the best quality assurance. Open source solution way; it has important implications for the development of quality safety and for new products to be placed on the market. Time and cost were in the third place for us in our efforts to improve quality security.
SCADA Scandal – Energy Hackers
Open sources and negotiations will make it easier for hackers to find software flaws, but we can assume that this war is on equal terms, but unfortunately, more money is transferred for peace and love, even in warfare situations like drugs and porn.
As a result of open discussions and sessions, private industries should be established to protect SCADA systems against malicious software. Here are 21 steps of the American Department of Energy’s security suggestions;
- Identify all connections on SCADA
- Disable all unnecessary connections.
- Reassess and strengthen all remaining connections
- Remove all unnecessary services installed on SCADA
- Do not rely on special protocols to protect your system
- Apply security features provided by device and system providers.
- Increase the security level of all connections used as backdoors on SCADA
- Watch Internal and External intrusion detection software 24/7
- Tighten all technical checks on security, SCADA devices and networks and other connected networks.
- Evaluate the physical security of all remote accesses connected to SCADA
- Create a “Red Team” to identify and evaluate possible attack scenarios in SCADA.
- Clearly define the cyber security roles, responsibilities and powers of administrators, system administrators and users,
- Identify systems with critical functionality, such as document network architecture, or sensitive information that requires additional levels of protection
- Establish a strict risk management process that will continue.
- Create a network protection strategy based on in-depth defense principle
- Identify cyber security requirements clearly
- Create effective configuration management processes.
- Perform routine self-assessment
- Create system backup and disaster recovery plans
- Establish authorities’ expectations for cyber security performance and identify staff responsible for their performance
- Identify procedures and organize training to minimize the possibility that staff will inadvertently disclose sensitive information about the SCADA system design, operation or security controls.
While it is unpredictable how industrialists will comply with these suggestions, we are sure that the Red Teams can do their part in cases of failure and disaster, but their commitment to the principle of confidentiality in times of disaster is unknown.