Monday, April 12, 2021
  • The Cost of Cloud LDAP
  • Identity Management Day: Cybercriminals No Longer Hack in, They Log In
  • ColorTokens Appoints Co-Founder Rajesh Khazanchi as CEO to Build an Industry Leader in Zero Trust Cybersecurity Solutions
  • BSides Philly 2020 – Jonathan Magen’s ‘SPNDL: Security Policy Notation And Description Language’
  • Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 324’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
IoT & ICS Security Security Bloggers Network 

Home » Cybersecurity » IoT & ICS Security » Taking the First Steps Down the Security Posture Path with AWWA

Taking the First Steps Down the Security Posture Path with AWWA

by Tripwire Guest Authors on July 17, 2018

What does a human need to survive? Typically, the first two items are food and water followed by a place live. Most of us take for granted that our water supply is always safe and drinkable. As such a vital resource, one would think that the critical infrastructure that purifies and monitors water must be completely secure at all times.

Unfortunately, that is not always the case. Take the classic hacker case of the Maroochy water plant in Queensland, Australia, for instance, where sewage was released into local waterways over a three-month period.

This event triggered government entities to become involved. The Australian Department of Communications, Information Technology and the Arts (DCITA) launched an effort to investigate the potential risks to SCADA systems and began holding a series of instructional workshops across the country regarding security mitigation and risk management. The workshop utilized known techniques such as defense-in-depth strategies.

Somebody has poisoned the waterhole

In the United States, governments and utilities were paying attention to the fact that critical infrastructure should not be taken lightly. In 2013, President Obama issued Executive Order 13636 – Improving Critical Infrastructure Cybersecurity. One of the more interesting actionable items is:

Sec. 8. Voluntary Critical Infrastructure Cybersecurity Program. (a) The Secretary, in coordination with Sector-Specific Agencies, shall establish a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities (the “Program”).

The question then becomes: how do we identify and implement some mechanism to protect critical infrastructure? By “we,” I mean the utility trying to build a security posture with no prior knowledge.

In the case of the power transmission and distribution world, there are hard requirements to meet known as the NERC CIP requirements. These are put in place to protect the United States’ electrical (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/taking-the-first-steps-down-the-security-posture-path-with-awwa/

July 17, 2018July 18, 2018 Tripwire Guest Authors Cybersecurity, Featured Articles, ICS Security, Infrastructure, SCADA
  • ← BSidesLV Preview: Your Taxes are Being Leaked
  • Survey Finds Breach Discovery Takes an Average 197 Days →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’
Time to Retire a Cybersecurity Cliché
Secrets Detection: An Emerging AppSec Category
Understanding EtterSilent and the Cybercrime Supply Chain
Should You Hire a Computer Forensics Specialist?
Announcing ShiftLeft CORE — A Code Security Platform
How Insider DLP Risks Impact Cybersecurity & Student Data Privacy
Remote Work: How To Limit Cybersecurity Risks?
What is Cyber Risk?
How to Increase & Justify Your Cyber Security Budget

Upcoming Webinars

Tue 13

How to Build Safer Cloud-Native Applications

April 13 @ 3:00 pm - 4:00 pm
Wed 14

AppSec Risk: You Can’t Manage What You Can’t Measure

April 14 @ 1:00 pm - 2:00 pm
Thu 15

The Age of Collaborative Security

April 15 @ 11:00 am - 12:00 pm
Fri 16

Expect More From Your AppSec Vendor

April 16 @ 1:00 pm - 2:00 pm
Wed 21

Managing Open Policy Agent at Scale – Styra DAS

April 21 @ 3:00 pm - 4:00 pm
Thu 22

A New Approach to Secure Web Gateways

April 22 @ 11:00 am - 12:00 pm
Mon 26

The Kubernetes Network (Security) Effect

April 26 @ 9:00 am - 10:00 am
Mon 26

Application Security: Moving at the Speed of DevOps

April 26 @ 1:00 pm - 2:00 pm
May 05

Managing Permissions and Entitlements is at the Core of a Zero Trust Model in the Cloud

May 5 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Identity Management Day: Cybercriminals No Longer Hack in, They Log In
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Identity Management Day: Cybercriminals No Longer Hack in, They Log In

April 12, 2021 Brad Shewmake | 2 hours ago 0
Visibility, Context, Automation are Key to Security Control
CISO Suite Cloud Security Cybersecurity Data Security Endpoint Industry Spotlight Network Security Security Boulevard (Original) 

Visibility, Context, Automation are Key to Security Control

April 12, 2021 Ron Davidson | 13 hours ago 0
Secrets Detection: An Emerging AppSec Category
Application Security AppSec Cloud Security Cybersecurity Data Security Endpoint Industry Spotlight Security Boulevard (Original) 

Secrets Detection: An Emerging AppSec Category

April 8, 2021 Mackenzie Jackson | 4 days ago 0

Top Stories

Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)
Analytics & Intelligence Application Security AppSec Cyberlaw Cybersecurity Deep Fake and Other Social Engineering Tactics Endpoint Featured Governance, Risk & Compliance Identity & Access Identity and Access Management Incident Response IoT & ICS Security Malware Network Security News Securing the Edge Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)

April 12, 2021 Richi Jennings | 5 hours ago 0
Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’
Analytics & Intelligence Application Security AppSec Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’

April 8, 2021 Richi Jennings | 4 days ago 0
Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL
Analytics & Intelligence Application Security Cybersecurity Data Security Endpoint Featured Identity & Access Malware Mobile Security News Security Boulevard (Original) Spotlight 

Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL

April 5, 2021 Richi Jennings | Apr 05 0

Security Humor

Robert M. Lee's & Jeff Haas' Little Bobby Comics - 'WEEK 324'

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 324’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.