Indiana State and Local Government
Residents have entrusted their elected officials and government employees with important data. This includes medical records, tax assessment data, property records, court records, personnel staffing records, criminal justice records, surveying records and more.
Unfortunately, there are some governments that may manage their confidential data themselves using old hardware and/or software systems that could make them more vulnerable to cyber threats. This is especially true for those that manage the utilities, creating a situation in which not only information is being stored and at risk, but so is the industrial controls and critical infrastructure.
Unlike intrusion into information technology systems, which results in the loss of data, the compromise of industrial control systems can allow attackers to take control of physical infrastructure and mechanical systems. This evolving threat puts complex manufacturing, energy infrastructure, water utilities and petrochemical production systems at risk for attack. In 2012 alone, the U.S. Department of Homeland Security reported nearly 200 attacks on industrial control systems, 40% of which were against energy production and distribution systems.
Vulnerabilities and Defenses
Recommendations and Standards
Protecting Critical Infrastructure and Utilities
C³ Voluntary Program
Cybersecurity Capability Maturity Model (C2M2)
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2)
The North American Electric Reliability Corporation (NERC)
Developing an Industrial Control Systems Cybersecurity Incident Response Capability
FERC Cyber & Grid Security
Cyber Security 101 for Water Utilities
GridEx - GridEx II Report and GridEx 2011 After Action Report