Cyber Security: Difference between revisions
(Created page with "__NOTOC__ Category:Risk Assessment Site Security ---- <!-- Delete any sections that are not necessary to your topic. Add pictures/sections as needed --> "Key cyber risks include cyberattacks that target inadequate security controls, outdated patches, and unknown vulnerabilities; social engineering attempts designed to gain operator credentials; and intrusions from insider threats. All such attempts could allow attackers to access critical control systems and disrupt...") |
Rmanwaring (talk | contribs) No edit summary |
||
| Line 3: | Line 3: | ||
---- | ---- | ||
<!-- Delete any sections that are not necessary to your topic. Add pictures/sections as needed --> | <!-- Delete any sections that are not necessary to your topic. Add pictures/sections as needed --> | ||
"Key cyber risks include cyberattacks that target inadequate security controls, outdated patches, and unknown vulnerabilities; social [[engineering]] attempts designed to gain operator credentials; and intrusions from insider threats. All such attempts could allow attackers to access critical control systems and disrupt or control physical components and processes."<ref name="Dams Sector">[[Dams Sector-Specific Plan| Dams Sector-Specific Plan | "Key cyber risks include cyberattacks that target inadequate security controls, outdated patches, and unknown vulnerabilities; social [[engineering]] attempts designed to gain operator credentials; and intrusions from insider threats. All such attempts could allow attackers to access critical control systems and disrupt or control physical components and processes."<ref name="Dams Sector">[[Dams Sector-Specific Plan | Dams Sector-Specific Plan, U.S. Department of Homeland Security, 2015]]</ref> | ||
"Separating controls systems from untrusted networks (known as air-gapping) may no longer be a sufficient security practice. Standardized hardware and communications protocols, the use of USB drives, and the need to deliver operational data into business systems all increase the risk of unintentional outside network connections." | "Separating controls systems from untrusted networks (known as air-gapping) may no longer be a sufficient security practice. Standardized hardware and communications protocols, the use of USB drives, and the need to deliver operational data into business systems all increase the risk of unintentional outside network connections." | ||
Latest revision as of 15:30, 14 December 2022
"Key cyber risks include cyberattacks that target inadequate security controls, outdated patches, and unknown vulnerabilities; social engineering attempts designed to gain operator credentials; and intrusions from insider threats. All such attempts could allow attackers to access critical control systems and disrupt or control physical components and processes."[1]
"Separating controls systems from untrusted networks (known as air-gapping) may no longer be a sufficient security practice. Standardized hardware and communications protocols, the use of USB drives, and the need to deliver operational data into business systems all increase the risk of unintentional outside network connections."
"Process control system operators typically have limited experience to distinguish between a system anomaly and a cyberattack. Operators rely on hardware and software vendors, who may not routinely, rapidly, or adequately update and patch process control systems to address cyber vulnerabilities. Some systems must be taken down for updates and can only be patched during planned outages." [1]
Citations:
Revision ID: 5650
Revision Date: 12/14/2022