We're reviving an oldie-but-a-goodie this week as we revisit the heart of Critical Infrastructure Protection and SCADA security and its weak spots.
In an article with CSOonline and Steve Ragan, Phil Grimes, RedLegg's Director of Assessments, gives readers the deep-cut security scoop on CIP...
"Grimes spent years helping entities operating critical infrastructure organizations better understand their security posture and in some cases helped determine CIP compliance. 'CIP does work. That's why we haven't seen a major breach in the U.S. or Canada. We've seen this kind of thing happen in other places, but because of these protections, it's proven to work. But it's not the end all, be all.'
So, after an entity achieves CIP compliance, where do the weak points still exist? CSO Online asked Grimes to share some war stories, which we've outlined by section below. However, there is an interesting crossover, as many of the problems Grimes outlined can also apply to organizations outside of the energy sector."