Product Details Supplier Info More products

Norman Data Defense has issued a warning to national infrastructure suppliers to take notice of the increasing number of threats to national infrastructure controls running on TCP/IP-based networks.

Most of the national infrastructure is controlled and operated by legacy process and control systems, which are open to attack.

Over the last 10 years or so there has been a convergence of IT and control systems, with the adoption of common hardware, operating systems and communication technologies in the process and control layers.

Legacy process and control systems are frequently merged with other systems to deliver increased information flow, with entire organisations operating them.

Once isolated, process and control systems can now be accessed externally from many different points of entry.

One major threat to security are the mobile devices that are in people’s possession.

USB devices, laptops and PDAs are moved to and from the process and control systems, with legacy systems still operating on some technologies despite known vulnerabilities; these systems have little or no security implemented.

A further risk is that traditional IT security solutions are not used because system incompatibilities create a gaping hole in the defences that hold the national infrastructure together.

Norman Data Defense has developed a seven-point plan to reduce the threat on the national infrastructure.

First, existing IT security guidelines within national infrastructure organisations should be enhanced to include process and control systems security.

Modifications to existing IT security guidelines should be made to accommodate specific process and control systems requirements.

IT and control system departments need to work together.

Vulnerability assessments should be commissioned on all process and control systems used within the national infrastructure.

New and legacy systems should be security hardened to prevent, wherever possible, both untargeted and targeted attacks.

System security hardening should commence immediately and not wait for major system upgrades.

Finally, both physical and IT security need to be considered together.

Norman Data Defense Systems

View full profile