- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
SAN FRANCISCO -- The nation’s energy companies are scrambling to meet government regulations going into effect as soon as January that in part are designed to safeguard the computer-based control systems for electricity and gas distribution from cyberattacks.
Top energy IT officials say they are challenged to meet the new rules because the massive systems control and data acquisition (SCADA) systems used to manage their resources increasingly are based on Windows and Unix but weren’t really designed with network security in mind. The systems often don’t work easily with antivirus software and can be tough to patch, they say.
In addition, the SCADA systems increasingly share the same corporate network as other business applications, but the people running the SCADA and voice/data networks are on separate teams. “In companies I’ve seen, they choose to be separate," said Evon Salle, senior information systems auditor at OGE Energy, in Oklahoma City, and a forum participant at the IT Security World Conference here.
Congress took up the cause of greater SCADA security after a massive power blackout in the summer of 2003, passing legislation that has led to the creation of nine Critical Infrastructure Protection (CIP) rules.
These were devised under the aegis of the North American Electric Reliability Council (NERC), the trade group recently chosen by the Federal Energy Regulatory Commission to set mandatory security standards for the energy sector. NERC also is expected to be in charge of rules enforcement, which could include dishing out million-dollar fines for noncompliance.
The CIP rules cover areas such as reporting sabotage, ensuring physical security, monitoring and running antivirus controls, and doing patch updates on all critical assets, including control centers, substations and SCADA systems.
Energy companies say they’re prodding SCADA operations groups to work with the corporate IT departments to impose firewalls, access control, encryption and antivirus controls if they weren’t there before. But technical challenges remain.
“A lot of times you won’t have virus protection in a SCADA environment," Salle said.
“Virus software, such as from McAfee and Symantec, thinks the SCADA system is a virus and that’s why you can’t run it."
Rss FeedRss Feed
Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...
Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch OfficesThis paper reviews the problem of creating a network where the dynamic availability of services is...
Enterprise Data Center Network Reference ArchitectureUsing a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...
The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...
We have so many holes punched in our firewalls today that many industry insiders question the value...
IP address management in 2008 - six things to knowRead this Network World Special Brief to learn how Enterprise IT managers must update their...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment