Their use of social engineering, vulnerability exploits, a specialized malware not only make targeted attack campaigns high-priority threats, they also make them difficult to defend against. To mitigate such threats, a custom defense strategy is required.
The U.S. government held a mock cyberattack against a fictitious chemical company as part of the Department of Homeland Security's efforts to help private-sector companies prepare for and deal with cybersecurity issues.
Due to operational "optimization", the SCADA threat landscape now begins to look a lot like the network security landscape that we all know and respect — one of constant vigilance and constant defensive threat posture.
Why SCADA systems should never be connected in any way, shape, or form to the public Internet, and how business decisions over the course of the past 15 years have allowed the "public" and "private" networks to become dangerously close in p