SANS Survey on the Security Practices of SCADA System Operators

Oct 24, 2012, 16:13 ET from SANS Institute

Register to enter iPad drawing

BETHESDA, Md., Oct. 24, 2012 /PRNewswire-USNewswire/ -- SANS Institute is asking those who work for SCADA and other control systems operators to take a 10-minute survey to reveal the level of awareness system operators have around cyber risk, their attempts to manage that risk, and how their efforts are working out so far.

"We suspect that the system operators taking this survey will have a high level of awareness given all the news of Stuxnet and its predecessors," says Deb Radcliff, executive editor of the SANS Analyst Program. "We're also hoping to learn from the experiences of SCADA operators and pinpoint the areas that need the most attention."

The survey, sponsored by ABB industrial systems, Industrial Defender, and Splunk, aims to take this information to help push improvements in an industry where the systems are so sensitive that patching is rare and logs are often not natively generated. Yet these same systems are opening vulnerable connections to the grid, the Internet and even to hand-held devices.

"Control systems cyber assets represent valuable infrastructure targets to attackers, and they require protection from the outside and on the inside. With the proper industry response, this survey and subsequent paper will serve as a basis for what we have been doing and what we should be doing to protect these critical assets," says Matthew Luallen, a senior SANS Analyst and SCADA / process control system expert who teaches on this subject at DePaul University.

The survey will be open until December 18. Results will be released during a webcast held on February 20, 2013 at 1 PM EST. Those who register for the webcast will be among the first to receive an advanced copy of the published results paper developed by Mr. Luallen.

Not only will respondents help shape industry practices, they can also register to be entered into our iPad drawing!  Follow this survey link to begin:

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and by far the largest source for information security training and security certification in the world. In addition to world-class training, SANS offers certification via the ANSI accredited GIAC security certification program. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, newsletters, and it operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.