Security for critical infrastructures

DHS details security requirements for automated control systems.

The US Department of Homeland Security (DHS) has laid out a set of security requirements for automated control systems to protect the country's critical infrastructure and key resources against online attacks.

VB100

The recommendations in the Catalog of Control System Requirements include basic IT security measures such as installing anti-virus software and keeping it fully up to date. The document indicates that, for maximum security, remote updates for security software should be scheduled for periods when the control system is disconnected from the equipment it controls. The document also recommends against using DNS for control systems, in order to protect against denial of service attacks, and against using Voice over IP, Instant Messaging, FTP, HTTP and file sharing on control systems.

Elsewhere the document, which was put together by representatives of the Department of Energy National Laboratories and the National Institute of Standards and Technology, details practices that are recommended to increase physical security, including organisational, personnel and environmental security practices. The full set of recommendations can be seen here.

01 August 2007

Tags:    del.icio.us  digg this! digg this

Quick Links



Poll

When do you install software updates?
As soon as they are released
As soon as I have some time
I take my time, but I always install them eventually
Only when I feel it is absolutely necessary
Never
Leave a comment
View 12 comments

Jobs Career Sidebar

Twitter Feed

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
2 hours ago


virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
6 hours ago


Virus Bulletin

In this month's magazine:
  • VB100 – Windows Vista Business Edition Service Pack 2
  • Apple pie order?
  • Anti-unpacker tricks – part eleven
  • Advanced exploit framework lab set-up
  • HTML structure-based proactive phishing detection
  • What’s the deal with sender authentication? Part 3
Virus Bulletin 08 2010
Subscribe now!
Virus Bulletin currently has 208,224 registered users.