Security Topics Page

Recent Articles

Effective policies require collaboration, reflection and resources to monitor compliance

Tom Moriarty, P.E., CMRP, contributing editor, says to determine the reasonableness of the policies you impose.

In the Trenches: Trouble brews when supervisor can't cope

In this edition of In the Trenches, Acme learns what happens when a supervisor can't cope.

The best strategies for leveraging scarce resources

Strategies for leveraging scarce resources.

Counterfeit products aren't worth the savings

Russ Kratowicz, P.E., CMRP, says piracy, fakery and bogusity have become all too common in the maintenance world.


White Papers: In Depth Research

Stuxnet and security dos and don'ts revisited
Posted: 07/18/2011
In all of the panic and anxiety caused by Stuxnet, there have been lots of highly technical discussions of how the latest technology (e.g., application whitelisting, data diodes, etc.) might have been able to contain it. But all of this focus on what could have been done potentially distracts us from what is really at issue. There is no silver bullet. No matter what system you buy or what program you put in place, there is always going to be a way around or a possible/plausible threat. Your product may block what we see today, but what is on the horizon? What gets lost in all of this distraction is the importance of security fundamentals and of having proper expectations of your security program: provide a program or tools that minimize your exposure and maximize your ability to contain and recover from an event when it happens — and it will.

An IT perspective of control systems security
Author: Andrew Ginter
Posted: 05/26/2010
Enterprises with industrial operations typically utilize at least two types of computer networks: Information Technology (IT) — a network that supports enterprise information system functions like finance, HR, order entry, planning, email and document creation; and Operational Technology (OT) — a network that controls operations in real time. This second type of network supports real-time or control system products, generally referred to as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), Energy Management Systems (EMS) or Manufacturing Execution Systems (MES), depending on the industry.

There has been much discussion and debate around the convergence between Information Technology (IT) and Operational Technology (OT). In an effort to provide better visibility and information flow between revenue-generating OT assets and enterprise applications, these systems have often been interconnected, in many cases without properly securing the control systems from cyber attack first. If the IT and OT networks are interconnected, yet not properly secured, a breach of one network can easily traverse to the other, leaving the entire computing infrastructure at risk.

This paper is intended to educate IT professionals on the unique requirements of operational technology and what is required to properly secure these networks from cyber attack, so that organizations can assure the security, reliability and safety of information and revenue-generating assets.

Perimeter Security: Deter, Detect, Delay, and Deny
Author: Master Halco
Posted: 09/14/2006
In this era of vulnerability with potential for increased terrorist activity, how can you best guarantee the safety of your facility? Even though we’ve come a long way from the days of castles and moats, the principles of perimeter security are the same: a total response that deters, detects, delays, and denies intruders access to your vital holdings.

Industrial Security and Compliance
Author: Matrikon
Posted: 04/27/2006
This 10-page whitepaper from Matrikon talks about each of the areas of concentration for process security in detail (people, processes and technology) as well as the priority of developing a security philosophy, which will in turn foster a security culture.
