was a featured speaker during the session "Public Water Treatment Scenario" at this conference hosted by the American Bar Association Section of Environment, Energy and Resources.
Clearly there is a need for Critical Infrastructure companies to change their approach when it comes to planning for security. Security must be more than patch management or making sure that antivirus software is up to date. Short term tactics must anticipate long-term strategies that embrace all aspects of an operation. Utilities are particularly vulnerable to web application attacks and the installation of malware via inadvertent downloads and “drivebys.” Perpetrators are often motivated by ideology and seek a platform to display their propaganda or prowess. In this scenario, the compromise of a utility’s public-facing website and its supervisory control and data acquisition or SCADA controllers leads to the shutdown of its IT network and the overflow of its wastewater treatment process.
May 18, 2015
The George Washington University Law School / Washington, DC