The protection of CIs from IT risks (Cyber) is always a hot topic: an interesting contribution to keep attention high.
With attacks on SCADA and ICS infrastructures becoming more frequent, some advice on how to keep the vital services they manage secure.
Below is a link to an interesting article by David Gubiani, Technical Manager, Check Point Software Technologies Italy.
Go to the article
No system can be 100% secure, and usually, a system "lives" as it is subject to changes, which may even concern the context in which it is installed and the people who use it.
We all know that security is a process, and as such it must be kept fed from the moment in which the use of the system is hypothesized and until the moment following that in which the system is decommissioned: therefore we must be ready to conduct careful analyzes of the risk even in moments following the implementation of the system itself, when not only the system but also the surrounding conditions may vary.
Like many other systems that manage information within the organization of the company, SCADA/ICS systems are also part of often critical processes for the company.
The continuity of production, the reliability of its plants allow the company to maintain and improve its market shares and its reputation.
The fact of being able to know in detail how our system is performing and any other information of interest is very often also a precise requirement in order to continue to remain on the market.
Let's think of production in regulated environments (such as medicines or personal care products) or even beverages and foods: in these environments there are precise mandatory standards such as those imposed by the FDA (Food & Drug Administration - USA), by the Ministry of Health, by the AIFA.
Or even the Directive 2008/114/EC of the European Community relating to the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.