Cyber security advice from the field

Cyber security advice from the field

In an interview with Control Engineering, Michael Assante and Tim Conway offer security suggestions for plant operators.

Peter Welander

In February, the SANS Institute held its ICS and SCADA Security Summit near Orlando, Fla. Control Engineering was able to spend some time with Michael Assante and Tim Conway, who were both on the program. Assante is currently ICS and SCADA lead for SANS, and was vice president and chief security officer at NERC. He led a key control systems group at Idaho National Labs, and was vice president and chief security officer for American Electric Power. Conway is director of NERC compliance and operations technology at NIPSCO. Matt Luallen, frequent security contributor, asked the questions. The complete 28-minute video discussion covers a range of topics, including:

• What to do when your systems have been compromised
• Critical resources to have available in the wake of a break-in
• Suggestions for planning and deploying training resources
• Surviving and thriving when corporate IT moves into the plant, and
• Suggestions for combating spear phishing and social engineering against your people.

The observations from these cyber security practitioners can provide practical guidelines as you face your own real-world challenges.

Peter Welander,