Friday, June 20, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
IoT & ICS Security Security Bloggers Network 

Home » Cybersecurity » IoT & ICS Security » Taking the First Steps Down the Security Posture Path with AWWA

SBN

Taking the First Steps Down the Security Posture Path with AWWA

by Tripwire Guest Authors on July 17, 2018

What does a human need to survive? Typically, the first two items are food and water followed by a place live. Most of us take for granted that our water supply is always safe and drinkable. As such a vital resource, one would think that the critical infrastructure that purifies and monitors water must be completely secure at all times.

Unfortunately, that is not always the case. Take the classic hacker case of the Maroochy water plant in Queensland, Australia, for instance, where sewage was released into local waterways over a three-month period.

Techstrong Gang Youtube
AWS Hub

This event triggered government entities to become involved. The Australian Department of Communications, Information Technology and the Arts (DCITA) launched an effort to investigate the potential risks to SCADA systems and began holding a series of instructional workshops across the country regarding security mitigation and risk management. The workshop utilized known techniques such as defense-in-depth strategies.

Somebody has poisoned the waterhole

In the United States, governments and utilities were paying attention to the fact that critical infrastructure should not be taken lightly. In 2013, President Obama issued Executive Order 13636 – Improving Critical Infrastructure Cybersecurity. One of the more interesting actionable items is:

Sec. 8. Voluntary Critical Infrastructure Cybersecurity Program. (a) The Secretary, in coordination with Sector-Specific Agencies, shall establish a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities (the “Program”).

The question then becomes: how do we identify and implement some mechanism to protect critical infrastructure? By “we,” I mean the utility trying to build a security posture with no prior knowledge.

In the case of the power transmission and distribution world, there are hard requirements to meet known as the NERC CIP requirements. These are put in place to protect the United States’ electrical (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/taking-the-first-steps-down-the-security-posture-path-with-awwa/

July 17, 2018July 18, 2018 Tripwire Guest Authors Cybersecurity, Featured Articles, ICS Security, Infrastructure, SCADA
  • ← BSidesLV Preview: Your Taxes are Being Leaked
  • Survey Finds Breach Discovery Takes an Average 197 Days →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Hacktivists Strike Within Minutes of Israel Missile Attacks on Iran Nuclear Sites 
Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks
Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report
Trump’s TikTok Tarry — Yet Again, Ban-Can Kicked Down the Road
Novel TokenBreak Attack Method Can Bypass LLM Security Features
MY TAKE: Microsoft takes ownership of AI risk — Google, Meta, Amazon, OpenAI look the other way
Cities of the Future or Hacker’s Paradise? The Cybersecurity Risks of Smart Cities
What are the best practices for MCP security?
Integrating SCIM with Identity Providers: Your Complete Guide to Okta and Azure AD
How the New HIPAA Regulations 2025 Will Impact Healthcare Compliance

Industry Spotlight

US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency
Analytics & Intelligence Blockchain Cyberlaw Cybersecurity Data Privacy Digital Currency Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches 

US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency

June 20, 2025 Richi Jennings | Yesterday 0
Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks
Blockchain Cloud Security Cybersecurity Data Security Digital Currency Featured Identity & Access Incident Response Industry Spotlight Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks

June 18, 2025 Jeffrey Burt | 2 days ago 0
Trump’s TikTok Tarry — Yet Again, Ban-Can Kicked Down the Road
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Endpoint Featured Governance, Risk & Compliance Humor Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches 

Trump’s TikTok Tarry — Yet Again, Ban-Can Kicked Down the Road

June 18, 2025 Richi Jennings | 2 days ago 0

Top Stories

Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report
Cybersecurity Featured News Security Boulevard (Original) Social - X Spotlight 

Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report

June 19, 2025 Jon Swartz | 1 day ago 0
AWS Makes Bevy of Updates to Simplify Cloud Security
Cloud Security Cybersecurity Featured News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

AWS Makes Bevy of Updates to Simplify Cloud Security

June 18, 2025 Michael Vizard | 2 days ago 0
U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence 

U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam

June 17, 2025 Jeffrey Burt | 3 days ago 0

Security Humor

A pig in a muddy farm field

US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency

Download Free eBook

The State of Cloud Native Security 2020

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×