To a certain extent, some utilities are, including the one I work for. Our SCADA systems are being migrated to a protected network, totally isolated from the utility side, with ports locked down and only communicating to specific servers on the DMZ. The data that has to be sent to the utility side is extracted from tables in our DMZ. The workstations and servers are managed with AD, including instituting lockdown GPO's on both, so that in essence the XP workstation will be just a SCADA terminal, incapable of doing anything else in the context of operator accounts. Our security team has started doing intrusion and vulnerability scans on all our SCADA networks and systems that have been migrated to W2K3 server and XP, helping us find security flaws and fixing them where we can. We set up VPN access to the DMZ for our vendors to support the systems. We shutdown any process on our servers and workstations that have no intrinsic necessity for OS functionality or SCADA operation and could be exploited. We don't allow any wireless connectivity and the SCADA systems are physically located in secure locations. I can't speak for whether any of our SCADA systems use ICCP but I do know that strict policies are in place on both our network firewall and desktop firewalls to prevent use of telnet, ssh & ftp amongst others.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11396/33988#33988