Reduce Vulnerability to Cyber Attacks? - Schneider Electric CZ, s.r.o.
Reduce Vulnerability to Cyber Attacks? - Schneider Electric CZ, s.r.o.
Reduce Vulnerability to Cyber Attacks? - Schneider Electric CZ, s.r.o.
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
1 – Introduction<br />
slowed <strong>to</strong> the point where the system is unusable. Another type of DoS attack floods the network<br />
with traffic such as TCP SYN, affecting network response times <strong>to</strong> the point where legitimate use<br />
is severely impacted.<br />
1.7. Accidental Events<br />
Experts attribute more than 75% of network-related system outages <strong>to</strong> accidental events. Causes<br />
of these accidents can include poor network design, programming errors, improperly functioning<br />
network devices, non-compliance with procedures, or human error such as accidentally<br />
connecting network cables in wrong ports. Many of the security features and processes<br />
discussed in this document can also mitigate accidental events.<br />
In many cases, contrac<strong>to</strong>rs contribute directly <strong>to</strong> system design, commissioning, or maintenance.<br />
Operational procedures should be refined so that contrac<strong>to</strong>rs cannot introduce malware or<br />
vulnerabilities in<strong>to</strong> the control network. For instance, au<strong>to</strong>matically scan contrac<strong>to</strong>r equipment for<br />
malware infection before allowing access <strong>to</strong> any control network equipment. USB keys are<br />
another common source of malware infection and should be carefully screened before permitting<br />
their use.<br />
Individuals who inadvertently connect a network cable in<strong>to</strong> the wrong port on a multi-port switch<br />
can create outages or broadcast s<strong>to</strong>rms that could disable the network or severely affect its<br />
performance.<br />
In general, the cause might be accidental, but the features, practices, and procedures used for<br />
cyber security work equally well against accidental system outages.<br />
Whether an incident is an accident or deliberate attack, preparation is essential. Incident recovery<br />
methods should be developed and tested so that recovery from an outage or other events can be<br />
quickly and reliably managed. High availability and redundant architectures play a role in this area<br />
when even short system outages cannot be <strong>to</strong>lerated.<br />
© 2012 <strong>Schneider</strong> <strong>Electric</strong> All Rights Reserved<br />
24