I have only limited experience doing technology audit work for gas/electric companies, not water. Don't know if you're looking for specific applications/products or general stuff. So... I suggest looking at the NIST Critical Infrastructure Protection guidelines (http://www.mel.nist.gov/proj/cip.htm) and National Information Assurance Program (NIAP) Process Control Security Requirements Forum (PCSRF) (http://www.isd.mel.nist.gov/projects/processcontrol/). Here's a good paper to read, which I think was done for the PCSRF and ISO/IEC 15408: http://www.isd.mel.nist.gov/documents/falco/ITSecurityProcess.pdf There are lots of SCADA sites, but the Gas Technology Institute/American Gas Association Encryption page has some good pointers (http://www.gtiservices.org/security/) And here's the Department of Energy (DoE) guide to CyberSecurity. http://oea.dis.anl.gov/documents/21StepsBooklet.pdf Pretty basic, but definitely a good thing to know about to cover your bases if you have to work with them. I also have industry and government contacts that I potentially ask for more specific information if you have any. Hope that helps, +++ ------------------------------------------------------------- +++ Davi Ottenheimer, CISSP Synchron Networks, Inc. Chief Security Engineer www.synchronnetworks.com email: mailto:daviat_private 100 Enterprise Way, C230 emergency: mailto:8315884778at_private Scotts Valley, CA 95066 > -----Original Message----- > From: David Barnett [mailto:dbarn064at_private] > Sent: Friday, January 17, 2003 2:13 PM > To: pen-testat_private > Subject: Risk/Threat Assessments for Utility specific > software/hardware > > > > > A company I am consulting with does Water and Energy > consulting work. I > > have built up a good relationship with them during my > security assessment > > consultations. They are now trying to bid on Government work > concerning the > > safety of Utility Companies. I was asked about my knowledge > of vertical > > software such as Embedded OSes and their Utility software > applications. > > Does anyone have any experience in this area, or can point me > to any such > > information. > > > > Many thanks, > > > > David Barnett > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus Security > Intelligence Alert (SIA) Service. For more information on > SecurityFocus' SIA service which automatically alerts you to > the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 09:00:09 PST