Tuesday, May 30, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Randall Munroe’s XKCD ‘The Six Platonic Solids’
  • ‘Predator’ — Nasty Android Spyware Revealed
  • Crypto Scams
  • BSidesSF 2023 - Breanne Boland - New Apps, Good Snacks: Effective Threat Modeling for New Territory
  • Is Your Cybersecurity Vendor Built to Thrive or Struggling to Survive?
IoT & ICS Security Security Bloggers Network 

Home » Cybersecurity » IoT & ICS Security » Taking the First Steps Down the Security Posture Path with AWWA

SBN

Taking the First Steps Down the Security Posture Path with AWWA

by Tripwire Guest Authors on July 17, 2018

What does a human need to survive? Typically, the first two items are food and water followed by a place live. Most of us take for granted that our water supply is always safe and drinkable. As such a vital resource, one would think that the critical infrastructure that purifies and monitors water must be completely secure at all times.

DevOps ConnectSponsorships Available

Unfortunately, that is not always the case. Take the classic hacker case of the Maroochy water plant in Queensland, Australia, for instance, where sewage was released into local waterways over a three-month period.

This event triggered government entities to become involved. The Australian Department of Communications, Information Technology and the Arts (DCITA) launched an effort to investigate the potential risks to SCADA systems and began holding a series of instructional workshops across the country regarding security mitigation and risk management. The workshop utilized known techniques such as defense-in-depth strategies.

Somebody has poisoned the waterhole

In the United States, governments and utilities were paying attention to the fact that critical infrastructure should not be taken lightly. In 2013, President Obama issued Executive Order 13636 – Improving Critical Infrastructure Cybersecurity. One of the more interesting actionable items is:

Sec. 8. Voluntary Critical Infrastructure Cybersecurity Program. (a) The Secretary, in coordination with Sector-Specific Agencies, shall establish a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities (the “Program”).

The question then becomes: how do we identify and implement some mechanism to protect critical infrastructure? By “we,” I mean the utility trying to build a security posture with no prior knowledge.

In the case of the power transmission and distribution world, there are hard requirements to meet known as the NERC CIP requirements. These are put in place to protect the United States’ electrical (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/taking-the-first-steps-down-the-security-posture-path-with-awwa/

July 17, 2018July 18, 2018 Tripwire Guest Authors Cybersecurity, Featured Articles, ICS Security, Infrastructure, SCADA
  • ← BSidesLV Preview: Your Taxes are Being Leaked
  • Survey Finds Breach Discovery Takes an Average 197 Days →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Tue 30

Simplify, Secure, Strengthen: Implementing Zero-Trust Across Your Endpoints

May 17 @ 1:00 pm - July 12 @ 2:00 pm
Jun 05

Securing Open Source

June 5 @ 1:00 pm - 2:00 pm
Jun 08

ActiveState Workshop: Building Secure and Reproducible Open Source Runtimes

June 8 @ 1:00 pm - 2:00 pm
Jun 13

Uncovering the Hidden Cybersecurity Threat in Your Organization

June 13 @ 1:00 pm - 2:00 pm
Jun 14

Enrich Security Investigations With ServiceNow Asset Data in Snowflake

June 14 @ 3:00 pm - July 24 @ 4:00 pm
Jun 15

Securing Containers & Kubernetes With AWS And Calico

June 15 @ 3:00 pm - 4:30 pm
Jun 22

Strange Bedfellows: Software, Security and the Law

June 22 @ 11:00 am - 12:00 pm
Jun 22

Sneak Peek: Cloud Security Prioritized With Sonrai

June 22 @ 1:00 pm - 2:00 pm
Jun 22

Unleash the Potential of Your Log and Event Data, Including AI’s Growing Impact

June 22 @ 3:00 pm - 4:00 pm
Jul 24

Identity and Access Management

July 24 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT
Revolutionize Zero-Trust Security With a Converged Identity Platform
Federal Appellate Court Approves ‘Pretext’ Border Search
Consumers Wary of Biometric Security
‘Predator’ — Nasty Android Spyware Revealed
Is Your SIEM Strategy Failing You? Here’s Why AI-Powered XDR Might Be The Answer
What are FedRAMP Requirements? (And Who Needs to Know)
Phishing Domains Tanked After Meta Sued Freenom
SafeBreach Coverage for US-CERT Alert (AA23-144A) – Volt Typhoon
BSidesSF 2023 – Leif Dreizler – Tracking Meaningful Security Product Metrics

Download Free eBook

Managing the AppSec Toolstack

Industry Spotlight

‘Predator’ — Nasty Android Spyware Revealed
Analytics & Intelligence API Security Cyberlaw Cybersecurity Data Security Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Predator’ — Nasty Android Spyware Revealed

May 30, 2023 Richi Jennings | 1 hour ago 0
Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift
Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Industry Spotlight News Security Boulevard (Original) Spotlight 

Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift

May 23, 2023 Michael Vizard | May 23 0
Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight
Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threats & Breaches 

Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight

May 22, 2023 Richi Jennings | May 22 0

Top Stories

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT
Analytics & Intelligence API Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response IOT IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

May 26, 2023 Richi Jennings | 4 days ago 0
Federal Appellate Court Approves ‘Pretext’ Border Search
Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) 

Federal Appellate Court Approves ‘Pretext’ Border Search

May 26, 2023 Mark Rasch | 4 days ago 0
U.S.-South Korea Forge Strategic Cybersecurity Framework
Cybersecurity Featured Governance, Risk & Compliance News Security Boulevard (Original) Spotlight Threat Intelligence 

U.S.-South Korea Forge Strategic Cybersecurity Framework

May 25, 2023 Christopher Burgess | May 25 0

Security Humor

Randall Munroe’s XKCD ‘The Six Platonic Solids’

Randall Munroe’s XKCD ‘The Six Platonic Solids’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.