From: mdfranz@io.com
Date: Sun Jul 07 2002 - 23:00:04 EDT
No hands-on experience but I've done a little digging on the topic. Most
of the info (whitepapers, academic articles, prezos) is the normal blah
blah blah best practices (policy/firewall/ids/pentest) vs. low level
details of specific control system vulnerabilities.
The most interesting things I ran across (sorry no URLs but they should be
in google):
Barry C. Ezell, _Risks of Cyber Attack to Supervisory Control and Data
Acquisition for Water Supply_ (Master's Thesis, UVA, 1998)
Joe Wiess, _Information Security Needs and Issues for Control Systems_
(Prezo at EEI/AGA IT Conference, 14 Jan '02)
There were a few interesting prezos at the ICCC (Common Criteria) meeting
on archictectural security issues for control systems a month or so ago
but they still haven't released the CD-ROMs yet.
Work is being done at Argonne/Sandia National labs on this type of stuff.
Also NIST (especially PCSRF
http://www.isd.mel.nist.gov/projects/processcontrol/)
Riptech is also active on the commercial side.
BTW, there is a conference at the end of the month in Vancouver on SCADA
security that might be promising. See http://www.kemaseminars.com
- mdf
> Has anyone had any experience with SCADA systems?
>
>
> Gaziel Avishay,
> Information Risk Management
> KPMG Somech-Chaikin
> 972-3-6848606
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT