ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Issues and Risks of Connecting SCADA Systems

Issues and Risks of Connecting SCADA Systems

| Published: 12/27/2012 7:44 AM | Permalink | Email this Post | Comments (0)
Ashwin K. ChaudaryAshwin K. Chaudary, CISA, CISM, CGEIT, CRISC, CISSP, PMP
The issues and risks involved when SCADA/control systems are connected to the business network are especially critical with the rise in cybercrime and sophisticated malware attacks such as Stuxnet, DuQu, Flame and Shamoon.
We are dependent on SCADA/control systems that control our day-to-day needs and utilities such as rail, airports, electricity, water, oil and gas. Cybercriminals taking over such systems may be able to create havoc, injury or worse. Connecting such systems to the business network increases the risk of these systems being compromised.
My recent Journal article highlights the status of security audits for SCADA/control systems and briefly points out steps required to increase security when connecting such systems to the business network. It also indicates best practices, defense-in-depth strategies and points for auditing the SCADA/control systems that differ from steps for business systems audits.
The article highlights for the auditor community the need to look into this area of security.
Read Ashwin Chaudary’s recent Journal article:
Is the Business Network Connected to SCADA? Need for Auditing SCADA Networks,” JournalOnline, ISACA Journal, volume 6, 2012


There are no comments yet for this post.