Environmental Engineering Reference
In-Depth Information
21.
Establish policies and conduct training to minimize the likelihood that
organizational personnel will inadvertently disclose sensitive information
regarding SCADA system design, operations, or security controls
. Release
data related to the SCADA network only on a strict, need-to-know
basis and only to persons explicitly authorized to receive such infor-
mation. “Social engineering,” the gathering of information about a
computer or computer network via questions to naïve users, is often
the first step in a malicious attack on computer networks. The more
information revealed about a computer or network, the more vulner-
able the computer or network is. Never divulge data revealed to a
SCADA network, including names and contact information about the
system operators and administrators, computer operating systems,
or physical and logical locations of computers and network systems
over the telephone or to personnel unless they are explicitly autho-
rized to receive such information. Any requests for information by
unknown persons should be sent to a central network security loca-
tion for verification and fulfillment. People can be a weak link in an
otherwise secure network. Conduct training and information aware-
ness campaigns to ensure that personnel remain diligent in guarding
sensitive network information, particularly their passwords.
The Bottom Line on Security
Again, when it comes to the security of our nation and even of water/waste-
water treatment facilities, few have summed it up better than Governor
Ridge (Henry, 2002):
Now, obviously, the further removed we get from September 11, the
natural tendency is to let down our guard. Unfortunately, we cannot
do that. … The government will continue to do everything we can to
find and stop those who seek to harm us. And I believe we owe it to the
American people to remind them that they must be vigilant, as well.
References and Recommended Reading
DOE. (2001).
21 Steps to Improve Cyber Security of SCADA Networks
. Washington, DC:
Department of Energy.
DOH. (2007).
Drinking Water Tech Tips: Sanitary Protection of Reservoirs—Vents
, DOH
Publ. No. 331-250. Olympia: Washington State Department of Health, Division
of Environmental Health, Office of Drinking Water.
