Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!
SCADA: The Power Grid Saga
In an excellent report published today in the USA Today, Steve Reilly wel-researched work gives examples of just how big the risk from unsecured SCADA devices is.
As I wrote in 2009, in my article ‘The Biggest Hole of It All‘, our infrastructure, that is to say the foundations on which our way of life depends, are highly insecure.
For example, Mr. Reilly describes that in the Power Grid area alone, the Department of Homeland Security (DHS), reported more than 151 ‘cyber incidents’, representing a 36% increase over the previous years’ and an astonishing 487% increase over 2012.
The article mentions a 2011 attack on a small electricity co-op in Texas. What is really telling are the words (emphasis mine)
…CEO R.B. Sloan shared his surprise with the utility’s board of directors.”
Why surprise, you ask?
It seems that the CEO thought the hackers would aim for ‘something else’ to ‘make a bigger impact’. Is that not another occurrence of the Ostrich Syndrome?
Thank you for coming back for the exciting Part VIII of The Microsoft approach to cloud transparency
The Microsoft approach to cloud transparency
Using the Cloud Security Alliance’s Security, Trust & Assurance Registry (STAR)
Part VIII – Aligning to STAR
When mitigating risk while deploying a cloud solution, an organization must consider the cloud-specific risks described in the preceding “Cloud assurance challenges” section as well as organizational goals. Common as well as cloud-specific risks must be weighed and evaluated carefully to assure the best results for the organization.
One best practice is to proceed with the selection of a cloud provider as described earlier, by using a common framework. This approach will help mitigate risk but also help avoid the cost of engaging outside expertise and a costly independent review process, relying instead on combined efforts that represent years of expertise in the field.
Using STAR, an organization can compare various cloud offerings, select criteria important to the organization, and document how and why a specific solution was selected. This approach helps mature future selection efforts and adds to the organization’s knowledge base.
Organizations can use the control criteria in the CCM to help mitigate the risk of missing important evaluation criteria. STAR also allows organizations to use a fully developed framework to carefully compare similar offerings. In addition, it can provide a way to measure and quantify weighting factors for related criteria.
Come back next week for Part IX!