Indiana State and Local Government

Residents have entrusted their elected officials and government employees with important data. This includes medical records, tax assessment data, property records, court records, personnel staffing records, criminal justice records, surveying records and more.

Unfortunately, there are some governments that may manage their confidential data themselves using old hardware and/or software systems that could make them more vulnerable to cyber threats. This is especially true for those that manage the utilities, creating a situation in which not only information is being stored and at risk, but so is the industrial controls and critical infrastructure.

Unlike intrusion into information technology systems, which results in the loss of data, the compromise of industrial control systems can allow attackers to take control of physical infrastructure and mechanical systems. This evolving threat puts complex manufacturing, energy infrastructure, water utilities and petrochemical production systems at risk for attack. In 2012 alone, the U.S. Department of Homeland Security reported nearly 200 attacks on industrial control systems, 40% of which were against energy production and distribution systems.

Vulnerabilities and Defenses

Computer Security & Information Systems Information Analysis Center (CSIAC)
Mitre Common Vulnerabilities and Exposures (CVE) list 
SANS Internet Storm Center

Recommendations and Standards

CIS Critical Security Controls (a.k.a. SANS 20 Critical Security Controls)
Security Benchmarks
ICS-CERT’s Best Practices
NIST Cybersecurity Framework

Protecting Critical Infrastructure and Utilities

C³ Voluntary Program
Cybersecurity Capability Maturity Model (C2M2)
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2)
The North American Electric Reliability Corporation (NERC)
Developing an Industrial Control Systems Cybersecurity Incident Response Capability
FERC Cyber & Grid Security 
Cyber Security 101 for Water Utilities
GridEx - GridEx II Report and GridEx 2011 After Action Report

Analysis and Notifications

Shadowserver Foundation Blog 
Malware Domain Blocklist 
Threat Expert 
Abuse.ch