No hands-on experience but I've done a little digging on the topic. Most of the info (whitepapers, academic articles, prezos) is the normal blah blah blah best practices (policy/firewall/ids/pentest) vs. low level details of specific control system vulnerabilities. The most interesting things I ran across (sorry no URLs but they should be in google): Barry C. Ezell, _Risks of Cyber Attack to Supervisory Control and Data Acquisition for Water Supply_ (Master's Thesis, UVA, 1998) Joe Wiess, _Information Security Needs and Issues for Control Systems_ (Prezo at EEI/AGA IT Conference, 14 Jan '02) There were a few interesting prezos at the ICCC (Common Criteria) meeting on archictectural security issues for control systems a month or so ago but they still haven't released the CD-ROMs yet. Work is being done at Argonne/Sandia National labs on this type of stuff. Also NIST (especially PCSRF http://www.isd.mel.nist.gov/projects/processcontrol/) Riptech is also active on the commercial side. BTW, there is a conference at the end of the month in Vancouver on SCADA security that might be promising. See http://www.kemaseminars.com - mdf > Has anyone had any experience with SCADA systems? > > > Gaziel Avishay, > Information Risk Management > KPMG Somech-Chaikin > 972-3-6848606 > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 10:25:17 PDT