If you're still with me, however, you should read this just-released white paper: "How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems," written by a small cadre of highly capable subject matter experts. Here's where they pivot from describing the worm (which they do very well now that it is more fully understood) to articulating helpful remediation steps:
"Is the situation hopeless? We certainly do not think so; we do believe that ICS/SCADA security best practices must improve significantly. First, the industry needs to accept that the complete prevention of control system infection is probably impossible. Determined worm developers have so many pathways available to them that some assets will be compromised over the life of a system. Instead of complete prevention, the industry must create a security architecture that can respond to the full life cycle of a cyber breach. One area that needs attention is in the early identification of potential attacks...."
More goodness ensues. And if that leaves you hungry for more, you'll want to check out Symantec's recent update of their authoritative Stuxnet dossier, available HERE.