English (United States)
Call us! 512-349-0334 or (877) INDUSOFT

InduSoft Web Studio Forums

Find additional forum posts in in the Forum Archives. For assistance view the Forum Frequently Asked Questions.

SCADA Security Training
Last Post 18 Jun 2013 12:14 PM by Richard Clark. 4 Replies.
Printer Friendly
  •  
  •  
  •  
  •  
  •  
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
MelindaCorleyUser is Offline
New Member
New Member
Posts:6


--
30 May 2013 10:16 AM

    The NIST CyberSecurity Framework Workshop has been proving especially informative.

    The plenary webcasts will be available on the NIST website approximately June 5 at http://go.usa.gov/bgFF until about June 30th or so.

    This workshop brought together every industry and government entity using any automation and control in order to get input for a National Cybersecurity Framework guidance that can be applied to any automation system.  More information about the Workshop and what went on is located here: http://www.nist.gov/itl/csd/cyberse...1-2013.cfm

     

    The next Workshop will be in July in San Diego to discuss the ideas and concepts that were defined at Workshop #2.  Customers are welcome to provide any pertinent input that they feel would be appropriate to: mailto:cyberframework@nist.gov

    Richard Clark

    InduSoft TMS

    Soniya udaiUser is Offline
    New Member
    New Member
    Posts:2


    --
    04 Jun 2013 02:17 AM
    1.Scanning SCADA Systems for Vulnerabilities

    Tenable offers a layered approach to scanning SCADA systems and devices:

    The Nessus vulnerability scanner performs both uncredentialed and credentialed scans of SCADA systems for a wide range of vulnerabilities.
    2.Policy Audits for NERC CIP Compliance
    3.Unified Security Monitoring and SCADA Secure
    Richard ClarkUser is Offline
    Forum Moderator
    Forum Moderator
    Posts:677


    --
    04 Jun 2013 09:00 AM
    If anyone has ideas that may be useful to the NIST Cybersecurity Framework, be sure to send them to: cyberframework@nist.gov before June 30.

    The framework is intended to be platform and vendor independent, meaning that the guidance or framework should be able to be applied to any platform or OS and not dependent on any one vendor's hardware or software.

    While this may seem like a tall order, NIST is attempting to compile these thoughts and ideas into a useable form. Anyone's input is welcome.

    Richard Clark
    InduSoft TMS

    Soniya udaiUser is Offline
    New Member
    New Member
    Posts:2


    --
    17 Jun 2013 04:14 AM
    Once all of the ICS and RF concepts are completely understood, then the course shifts into a Penetration and Exploitation mindset. The students are taught how to find security vulnerabilities in ICS and SCADA system components, how to safely conduct penetration testing against live ICS and SCADA systems, and how to conduct Cyber Vulnerability Assessments that satisfy the NERC CIP and DHS CFATS regulations. The Metasploit framework is taught using the BackTrack environment. The hands-on exercises start with basic Linux commands, and by the end of the course, students are creating their own buffer overflows and other exploits using Metasploit, NETCAT, HPING, and other open source tools.


    Richard ClarkUser is Offline
    Forum Moderator
    Forum Moderator
    Posts:677


    --
    18 Jun 2013 12:14 PM
    Update on the 3rd NIST Cybersecurity workshop. The dates are set for July 10-12 at UC San Diego. Here is the link if you are interested:

    http://www.nist.gov/itl/csd/3rd-cyb...ego-ca.cfm

    Richard Clark
    InduSoft TMS
    You are not authorized to post a reply.