Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Critical Infrastructure Control Regulations in USA

LogRhythm : 07 February, 2012  (Technical Article)
LogRhythm comments on the US plans to regulate critical infrastructure protection and how the UK could follow suit to its advantage
Critical Infrastructure Control Regulations in USA
A Senate plan to boost the US government’s ability to regulate the security of companies responsible for critical industries is causing debate as to exactly how far its reach should be. With sophisticated attacks, such as Stuxnet and Duqu, on the rise, the legislation would aim to ensure organisations that oversee systems running utilities, power plants and other critical infrastructure have the necessary measures in place to ensure their security. At present it is estimated that as much as 85 percent of America’s critical infrastructure is owned and operated by private companies.

Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments:

“This is an important move and one that should be considered in the UK. Attacks on critical systems are on the increase and have the potential to negatively impact the economy and even the safety of citizens. It is vitally important that companies entrusted with this responsibility are held to account and can validate that measures have been taken to protect control systems.

“Some concerns have been voiced about this move giving authorities too much power over private organisations, however, this does not have to be the case. A relatively simple and non-intrusive move would be to legislate these organisations into deploying Protective Monitoring systems. A large proportion of IT breaches today are a result of companies lacking visibility into the activity taking place across their networks. Continuous monitoring of the log data generated by systems provides the visibility and traceability required to piece together seemingly isolated events to identify aberrant activity.

“This traceability is especially relevant when trying to detect attacks on public utility control systems like SCADA (supervisory control and data acquisition). Many control system components inherently trust the environment and do not natively create security events - as a result, they tend to rely on separate—and possibly not implemented—control system historian and change management functions to record operational events. To defend critical infrastructures it is not only essential that these controls are deployed, organisations also require Protective Monitoring to collect and analyse the data that is generated. It is only via the combination of approaches such as these that control systems can be defended against the malicious intentions of would-be hackers.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo