[1]This article from the Houston Chronicle highlights the need for
layered security, including proper VLAN design to segregate and contain
malware:
Malicious software unintentionally downloaded by offshore oil
workers has incapacitated computer networks on some rigs and
platforms, exposing gaps in security that could pose serious risks
to people and the environment, cybersecurity professionals told the
Houston Chronicle.
The worst-case scenario could be catastrophic: A malfunctioning rig
and safety systems could cause a well blowout, explosion, oil spill
and lost human lives, experts said.
The way the article reads, it seems like these platforms have large flat
LANs, where employees' personal equipment is on the same network as the
production equipment. I'm a fan of placing SCADA systems in their own
VLAN with non-routable IP addressing, isolated from the Internet and the
rest of your local network. Place a physical firewall device between the
SCADA LAN and the regular LAN, and lock that firewall down. Selectively
open ports for maintenance and close them again when done. Monitor the
heck out of the thing.
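One way to check that the lock-down and monitoring described above are holding, as an added example that is not part of the original post: the script audits firewall log lines for traffic crossing the SCADA boundary outside an approved maintenance opening. The subnet, hosts, ports, log format and function names are all assumptions constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# All addresses, ports and times below are constructed for illustration.
SCADA_NET = ip_network("192.168.50.0/24")  # assumed non-routable SCADA VLAN
# Approved maintenance openings: (source host, SCADA dest port, opened, closed)
WINDOWS = [
    ("10.20.1.15", 22, datetime(2013, 2, 25, 9, 0), datetime(2013, 2, 25, 11, 0)),
]
# Constructed firewall log: time, source, destination, dest port, action
LOG = """\
2013-02-25T09:30:00 10.20.1.15 192.168.50.10 22 ALLOW
2013-02-25T12:05:00 10.20.1.15 192.168.50.10 22 ALLOW
2013-02-25T09:45:00 10.20.7.77 192.168.50.10 502 ALLOW
2013-02-25T10:00:00 192.168.50.10 203.0.113.9 443 ALLOW
2013-02-25T10:01:00 10.20.7.77 192.168.50.11 445 DENY
2013-02-25T10:02:00 10.20.1.15 10.20.1.16 445 ALLOW
"""

def in_window(ts, src, dport):
    """True if an approved maintenance opening covers this flow."""
    return any(src == host and dport == port and opened <= ts <= closed
               for host, port, opened, closed in WINDOWS)

def audit(log_text):
    """Return (line, reason) for every flow that violates the segmentation policy."""
    findings = []
    for line in log_text.splitlines():
        when, src, dst, dport, action = line.split()
        ts = datetime.fromisoformat(when)
        s, d, dport = ip_address(src), ip_address(dst), int(dport)
        if s in SCADA_NET and d in SCADA_NET:
            continue  # traffic that stays inside the SCADA VLAN never crosses the firewall
        if s in SCADA_NET:
            # SCADA hosts should not talk to the regular LAN or the Internet at all
            findings.append((line, "scada-egress-allowed" if action == "ALLOW" else "scada-egress-attempt"))
        elif d in SCADA_NET and action == "DENY":
            findings.append((line, "blocked-probe"))  # worth knowing who is knocking
        elif d in SCADA_NET and not in_window(ts, src, dport):
            findings.append((line, "allowed-outside-window"))  # port left open or rule too broad
    return findings

if __name__ == "__main__":
    for line, reason in audit(LOG):
        print(f"{reason:24} {line}")
```

An "allowed-outside-window" finding means the firewall passed traffic that no current maintenance opening justifies, which is the sign that a port was never closed again after the work was done.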
InfoSec professionals, how would you handle this type of situation?
via [2]Malware on oil rig computers raises security fears - Houston
Chronicle.
__________________________________________________________________
My original entry is here: [3]Malware on oil rig computers raises
security fears - Houston Chronicle. It was posted Mon, 25 Feb 2013
11:59:28 +0000.
Filed under: defense in depth, firewall, InfoSec, malware, vlan,
References
1. http://www.houstonchronicle.com/business/energy/article/Malware-on-oil-rig-computers-raises-security-fears-4301773.php?t=1b259d62f3b05374ef&t=1b259d62f3
2. http://www.houstonchronicle.com/business/energy/article/Malware-on-oil-rig-computers-raises-security-fears-4301773.php?t=1b259d62f3b05374ef&t=1b259d62f3
3. https://www.prjorgensen.com/2013/02/25/malware-on-oil-rig-computers-raises-security-fears-houston-chronicle/