21 Steps to Improve Cyber Security of SCADA Networks

Introduction

Supervisory control and data acquisition (SCADA) networks contain computers and applications that perform key functions in providing essential services and commodities (e.g., electricity, natural gas, gasoline, water, waste treatment, transportation) to all Americans. As such, they are part of the nation's critical infrastructure and require protection from a variety of threats that exist in cyberspace today. By allowing the collection and analysis of data and the control of equipment such as pumps and valves from remote locations, SCADA networks provide great efficiency and are widely used. However, they also present a security risk. SCADA networks were initially designed to maximize functionality, with little attention paid to security. As a result, the performance, reliability, flexibility and safety of distributed control/SCADA systems are robust, while the security of these systems is often weak. This makes some SCADA networks potentially vulnerable to disruption of service, process redirection, or manipulation of operational data that could result in public safety concerns and/or serious disruptions to the nation's critical infrastructure. Action is required by all organizations, government or commercial, to secure their SCADA networks as part of the effort to adequately protect the nation's critical infrastructure.
The President's Critical Infrastructure Protection Board and the Department of Energy have developed the steps outlined here to help any organization improve the security of its SCADA networks. These steps are not meant to be prescriptive or all-inclusive. However, they do address essential actions to be taken to improve the protection of SCADA networks. The steps are divided into two categories: specific actions to improve implementation, and actions to establish essential underlying management processes and policies.

Background

President Bush created the President's Critical Infrastructure Protection Board in October 2001 through Executive Order 13231 to coordinate all Federal activities related to the protection of information systems and networks supporting critical infrastructures, including:
- Federal departments and agencies
- Private sector companies that operate critical infrastructures
- State and local governments' critical infrastructures
- Related national security programs

The Department of Energy plays a key role in protecting the critical energy infrastructure of the nation as specified in the National Strategy for Homeland Security. In fulfilling this responsibility, the Secretary of Energy's Office of Independent Oversight and Performance Assurance has conducted a number of assessments of organizations with SCADA networks to develop an in-depth understanding of SCADA networks and the steps necessary to secure these networks.
The Office of Energy Assurance also fulfills Energy Department responsibilities through its work with Federal, State, and private partners to protect the National Energy Infrastructure, improve energy reliability, and assist in energy emergency response efforts.

The following steps focus on specific actions to be taken to increase the security of SCADA networks:

1. Identify all connections to SCADA networks.

Conduct a thorough risk analysis to assess the risk and necessity of each connection to the SCADA network. Develop a comprehensive understanding of all connections to the SCADA network, and how well these connections are protected. Verify the inventory against what is actually cabled and what actually passes traffic, not only against network diagrams; undocumented paths such as a vendor modem left attached to a field device or a dual-homed maintenance laptop are common findings. Identify and evaluate the following types of connections:
- Internal local area and wide area networks, including business networks
- The Internet
- Wireless network devices, including satellite uplinks
- Modem or dial-up connections
- Connections to business partners, vendors or regulatory agencies

2. Disconnect unnecessary connections to the SCADA network.

To ensure the highest degree of security of SCADA systems, isolate the SCADA network from other network connections to as great a degree as possible. Any connection to another network introduces security risks, particularly if the connection creates a pathway from or to the Internet.
Although direct connections with other networks may allow important information to be passed efficiently and conveniently, insecure connections are simply not worth the risk; isolation of the SCADA network must be a primary goal to provide needed protection. Strategies such as the use of demilitarized zones (DMZs) and data warehousing can facilitate the secure transfer of data from the SCADA network to business networks. However, they must be designed and implemented properly to avoid introducing additional risk through improper configuration. In practice this means the DMZ host (for example a historian or data replica) is the only system the business network is permitted to reach, and the control network pushes data out to it; no business-network host should be able to initiate a connection into the control network.

3. Evaluate and strengthen the security of any remaining connections to the SCADA network.

Conduct penetration testing or vulnerability analysis of any remaining connections to the SCADA network to evaluate the protection posture associated with these pathways. Use this information in conjunction with risk management processes to develop a robust protection strategy for any pathways to the SCADA network. Since the SCADA network is only as secure as its weakest connecting point, it is essential to implement firewalls, intrusion detection systems (IDSs), and other appropriate security measures at each point of entry. Configure firewall rules to prohibit access from and to the SCADA network by default, and be as specific as possible (source host, destination host, protocol and port) when permitting approved connections. For example, an Independent System Operator (ISO) should not be granted "blanket" network access simply because there is a need for a connection to certain components of the SCADA system.
Strategically place IDSs at each entry point to alert security personnel of potential breaches of network security. Organization management must understand and accept responsibility for the risks associated with any connection to the SCADA network.

4. Harden SCADA networks by removing or disabling unnecessary services.

SCADA control servers built on commercial or open-source operating systems can be exposed to attack through default network services. To the greatest degree possible, remove or disable unused services and network daemons to reduce the risk of direct attack. This is particularly important when SCADA networks are interconnected with other networks. Do not permit a service or feature on a SCADA network unless a thorough risk assessment of the consequences of allowing it shows that its benefits far outweigh the potential for vulnerability exploitation. Examples of services to remove from SCADA networks include automated meter reading/remote billing systems, email services, and Internet access. An example of a feature to disable is remote maintenance. Numerous secure configuration guidelines for both commercial and open-source operating systems are in the public domain, such as the National Security Agency's series of security guides.
Additionally, work closely with SCADA vendors to identify secure configurations and coordinate any and all changes to operational systems to ensure that removing or disabling services does not cause downtime, interruption of service, or loss of support.

5. Do not rely on proprietary protocols to protect your system.

Some SCADA systems use unique, proprietary protocols for communications between field devices and servers. Often the security of SCADA systems is based solely on the secrecy of these protocols. Unfortunately, obscure protocols provide very little "real" security: the frame layout can be recovered by anyone with access to the wire, a captured trace, or a vendor manual, and once it is known the protocol offers no way to tell a legitimate command from a forged one. Do not rely on proprietary protocols or factory default configuration settings to protect your system. Additionally, demand that vendors disclose any backdoors or vendor interfaces to your SCADA systems, and expect them to provide systems that are capable of being secured.

6. Implement the security features provided by device and system vendors.

Most older SCADA systems (most systems in use) have no security features whatsoever. SCADA system owners must insist that their system vendor implement security features in the form of product patches or upgrades. Some newer SCADA devices are shipped with basic security features, but these are usually disabled to ensure ease of installation. Analyze each SCADA device to determine whether security features are present. Additionally, factory default security settings (such as in computer network firewalls) are often set to provide maximum usability, but minimal security. Set all security features to provide the maximum level of security. Allow settings below maximum security only after a thorough risk assessment of the consequences of reducing the security level.

7. Establish strong controls over any medium that is used as a backdoor into the SCADA network.
Where backdoors or vendor connections do exist in SCADA systems, strong authentication must be implemented to ensure secure communications. Modems, wireless, and wired networks used for communications and maintenance represent a significant vulnerability to the SCADA network and remote sites. Successful "war dialing" or "war driving" attacks could allow an attacker to bypass all other controls and have direct access to the SCADA network or resources. To minimize the risk of such attacks, disable inbound access and replace it with some type of callback system, and treat the list of approved callback numbers as a controlled configuration item.

8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring.

To be able to effectively respond to cyber attacks, establish an intrusion detection strategy that includes alerting network administrators of malicious network activity originating from internal or external sources. Intrusion detection system monitoring is essential 24 hours a day; this capability can be set up through an out-of-band alert to on-call staff, such as a pager. Additionally, incident response procedures must be in place to allow an effective response to any attack. To complement network monitoring, enable logging on all systems and audit system logs daily to detect suspicious activity as soon as possible.

9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns.

Technical audits of SCADA devices and networks are critical to ongoing security effectiveness.
Many commercial and open-source security tools are available that allow system administrators to conduct audits of their systems/networks to identify active services, patch level, and common vulnerabilities. The use of these tools will not solve systemic problems, but it will eliminate the "paths of least resistance" that an attacker could exploit. Analyze identified vulnerabilities to determine their significance, and take corrective actions as appropriate. Track corrective actions and analyze this information to identify trends. Additionally, retest systems after corrective actions have been taken to ensure that vulnerabilities were actually eliminated. Scan non-production environments actively to identify and address potential problems; active scanning can disrupt fragile field devices, so do not run scanners against live controllers without vendor guidance and an agreed outage window.

10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security.

Any location that has a connection to the SCADA network is a target, especially unmanned or unguarded remote sites. Conduct a physical security survey and inventory access points at each facility that has a connection to the SCADA system. Identify and assess any source of information, including remote telephone/computer network/fiber optic cables that could be tapped; radio and microwave links that are exploitable; computer terminals that could be accessed; and wireless local area network access points. Identify and eliminate single points of failure. The security of the site must be adequate to detect or prevent unauthorized access.
Do not allow "live" network access points at remote, unguarded sites simply for convenience.

11. Establish SCADA "Red Teams" to identify and evaluate possible attack scenarios.

Establish a "Red Team" to identify potential attack scenarios and evaluate potential system vulnerabilities. Use a variety of people who can provide insight into weaknesses of the overall network, SCADA systems, physical systems, and security controls. People who work on the system every day have great insight into the vulnerabilities of your SCADA network and should be consulted when identifying potential attack scenarios and possible consequences. Also, ensure that the risk from a malicious insider is fully evaluated, given that this represents one of the greatest threats to an organization. Feed the information resulting from the "Red Team" evaluation into risk management processes to assess it and establish appropriate protection strategies.

The following steps focus on management actions to establish an effective cyber security program:

12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users.

Organization personnel need to understand the specific expectations associated with protecting information technology resources through the definition of clear and logical roles and responsibilities.
In addition, key personnel need to be given sufficient authority to carry out their assigned responsibilities. Too often, good cyber security is left up to the initiative of the individual, which usually leads to inconsistent implementations and ineffective security. Establish a cyber security organizational structure that defines roles and responsibilities and clearly identifies how cyber security issues are escalated and who is notified in an emergency.

13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection.

Develop and document a robust information security architecture as part of a process to establish an effective protection strategy. It is essential that organizations design their networks with security in mind and continue to have a strong understanding of their network architecture throughout its lifecycle. Of particular importance, an in-depth understanding of the functions that the systems perform and the sensitivity of the stored information is required. Without this understanding, risk cannot be properly assessed and protection strategies may not be sufficient. Documenting the information security architecture and its components is critical to understanding the overall protection strategy and to identifying single points of failure.
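Steps 1 through 3 and Step 13 together amount to an inventory of every path into the control network and a rule for each approved path that is no broader than it needs to be. The following added example (not part of the original guidance) checks a documented rule set against that standard: every permit rule touching the SCADA range must name one source host, one destination host and one protocol/port, and the rule set must end in an explicit deny-all. The rule format, rule IDs, the 10.50.0.0/24 control range and the ISO addresses are all constructed for illustration.

```python
"""Audit a SCADA boundary firewall rule set for "blanket" access.

Added example for Steps 1-3 and 13. The rule format, addresses and
rule IDs below are constructed for illustration; they are not taken
from any real site, vendor or product.
"""
import ipaddress
from dataclasses import dataclass

# Assumed control-network range for this example.
SCADA_NET = ipaddress.ip_network("10.50.0.0/24")


@dataclass(frozen=True)
class Rule:
    rule_id: str
    action: str      # "permit" or "deny"
    src: str         # CIDR or "any"
    dst: str         # CIDR or "any"
    proto: str       # "tcp", "udp" or "any"
    dport: str       # "502", "20000-20010" or "any"
    comment: str = ""


def _net(cidr: str):
    """'any' is shorthand for the whole IPv4 space."""
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def _port_count(dport: str) -> int:
    if dport == "any":
        return 65536
    if "-" in dport:
        lo, hi = (int(p) for p in dport.split("-", 1))
        return hi - lo + 1
    return 1


def audit_rules(rules, scada_net=SCADA_NET):
    """Return [(rule_id, finding), ...] for rules that violate the standard:
    a permit rule touching the control network must be host-to-host on a
    single service, and the rule set must end with an explicit deny any->any."""
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        src, dst = _net(r.src), _net(r.dst)
        if not (src.overlaps(scada_net) or dst.overlaps(scada_net)):
            continue  # rule does not involve the SCADA network
        if src.num_addresses > 1:
            findings.append((r.rule_id, f"source {r.src} is not a single host"))
        if dst.num_addresses > 1:
            findings.append((r.rule_id, f"destination {r.dst} is not a single host"))
        if r.proto == "any" or _port_count(r.dport) > 1:
            findings.append((r.rule_id, f"service {r.proto}/{r.dport} is not a single port"))
    last = rules[-1] if rules else None
    if not (last and last.action == "deny"
            and _net(last.src).num_addresses == 2 ** 32
            and _net(last.dst).num_addresses == 2 ** 32):
        findings.append(("POLICY", "rule set does not end with an explicit deny any -> any"))
    return findings


# Constructed rule set: R1 is the "blanket" ISO access the text warns about,
# R2 is what the same connection should look like, R3 opens a path to the Internet.
RULES = [
    Rule("R1", "permit", "192.168.20.0/24", "10.50.0.0/24", "any", "any", "ISO connection (blanket)"),
    Rule("R2", "permit", "192.168.20.15/32", "10.50.0.40/32", "tcp", "20000", "ISO -> data exchange server (assumed port)"),
    Rule("R3", "permit", "10.50.0.0/24", "any", "tcp", "80", "control room web access (Internet path)"),
    Rule("R4", "deny", "any", "any", "any", "any", "default deny"),
]

if __name__ == "__main__":
    for rule_id, text in audit_rules(RULES):
        print(f"{rule_id}: {text}")
```

Each finding names the one attribute to tighten, which is the conversation to have with the connection's owner: the ISO rule R1 produces three findings and the host-to-host rule R2 none, even though both satisfy the stated business need.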
14. Establish a rigorous, ongoing risk management process.

A thorough understanding of the risks to network computing resources from denial-of-service attacks and the vulnerability of sensitive information to compromise is essential to an effective cyber security program. Risk assessments form the technical basis of this understanding and are critical to formulating effective strategies to mitigate vulnerabilities and preserve the integrity of computing resources. Initially, perform a baseline risk analysis based on a current threat assessment to use for developing a network protection strategy. Due to rapidly changing technology and the emergence of new threats on a daily basis, an ongoing risk assessment process is also needed so that routine changes can be made to the protection strategy to ensure it remains effective. Fundamental to risk management is identification of the residual risk that remains once a network protection strategy is in place, and acceptance of that risk by management.

15. Establish a network protection strategy based on the principle of defense-in-depth.

A fundamental principle that must be part of any network protection strategy is defense-in-depth. Defense-in-depth must be considered early in the design phase of the development process, and must be an integral consideration in all technical decision-making associated with the network.
Utilize technical and administrative controls to mitigate threats from identified risks to as great a degree as possible at all levels of the network. Single points of failure must be avoided, and cyber security defense must be layered to limit and contain the impact of any security incident. Additionally, each layer must be protected against other systems at the same layer. For example, to protect against the insider threat, restrict users to access only those resources necessary to perform their job functions.

16. Clearly identify cyber security requirements.

Organizations and companies need structured security programs with mandated requirements to establish expectations and allow personnel to be held accountable. Formalized policies and procedures are typically used to establish and institutionalize a cyber security program. A formal program is essential for establishing a consistent, standards-based approach to cyber security throughout an organization and eliminates sole dependence on individual initiative. Policies and procedures also inform employees of their specific cyber security responsibilities and the consequences of failing to meet those responsibilities. They also provide guidance regarding actions to be taken during a cyber security incident and promote efficient and effective actions during a time of crisis. As part of identifying cyber security requirements, include user agreements and notification and warning banners.
Establish requirements to minimize the threat from malicious insiders, including the need for conducting background checks and limiting network privileges to those absolutely necessary.

17. Establish effective configuration management processes.

A fundamental management process needed to maintain a secure network is configuration management. Configuration management needs to cover both hardware configurations and software configurations. Changes to hardware or software can easily introduce vulnerabilities that undermine network security. Processes are required to evaluate and control any change to ensure that the network remains secure. Configuration management begins with well-tested and documented security baselines for your various systems.

18. Conduct routine self-assessments.

Robust performance evaluation processes are needed to provide organizations with feedback on the effectiveness of cyber security policy and technical implementation. A sign of a mature organization is one that is able to self-identify issues, conduct root cause analyses, and implement effective corrective actions that address individual and systemic problems. Self-assessment processes that are normally part of an effective cyber security program include routine scanning for vulnerabilities, automated auditing of the network, and self-assessments of organizational and individual performance.
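Steps 4 and 9 call for finding services that should not be running, and Steps 17 and 18 call for a documented baseline and routine checks against it. The added example below (not part of the original guidance) does both for one control server without touching the device itself: it parses a listening-socket listing in the shape of `ss -ltnp` output, compares it with the services the baseline allows, and compares configuration-file hashes with the baseline. The listing, the file contents, the paths and the baseline are all constructed here; on a real host the listing would come from the audit tool and the file contents from the server.

```python
"""Self-assessment of a control server against its documented baseline.

Added example for Steps 4, 9, 17 and 18. The socket listing, file
contents, paths and baseline below are constructed for illustration.
"""
import hashlib
import re

# Constructed listing in the shape of `ss -ltnp` output (TCP listeners).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      5      0.0.0.0:502       0.0.0.0:*         users:(("scadasrv",pid=1410,fd=9))
LISTEN 0      128    0.0.0.0:25        0.0.0.0:*         users:(("sendmail",pid=990,fd=4))
LISTEN 0      128    [::]:5900         [::]:*            users:(("Xvnc",pid=2201,fd=7))
"""

_LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?')


def sha256_text(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def parse_listeners(ss_text):
    """Return [(port, process_or_None), ...] from an ss -ltnp style listing."""
    out = []
    for line in ss_text.splitlines():
        m = _LISTEN_RE.match(line)
        if m:
            out.append((int(m.group(2)), m.group(3)))
    return out


def check_listeners(listeners, allowed):
    """allowed maps port -> process name documented in the baseline."""
    findings = []
    for port, proc in listeners:
        if port not in allowed:
            findings.append(f"unexpected listener {proc or '?'} on tcp/{port}: "
                            f"not in baseline, remove or disable it")
        elif proc is not None and proc != allowed[port]:
            findings.append(f"tcp/{port} is served by {proc}, baseline expects {allowed[port]}")
    return findings


def check_config(current_files, baseline_hashes):
    """Compare {path: content} on the host with {path: sha256} from the baseline."""
    findings = []
    for path, digest in baseline_hashes.items():
        if path not in current_files:
            findings.append(f"{path}: in baseline but missing on host")
        elif sha256_text(current_files[path]) != digest:
            findings.append(f"{path}: differs from baseline, check the change record")
    for path in sorted(current_files.keys() - baseline_hashes.keys()):
        findings.append(f"{path}: not in baseline, document it or remove it")
    return findings


# Constructed approved contents from which the baseline hashes are derived.
BASELINE_FILES = {
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
    "/opt/scada/scada.conf": "poll_interval=2\nlisten=0.0.0.0:502\n",
    "/etc/hosts.allow": "sshd: 10.50.0.5\n",
}
BASELINE = {
    "listeners": {22: "sshd", 502: "scadasrv"},
    "hashes": {path: sha256_text(text) for path, text in BASELINE_FILES.items()},
}
# Constructed current state: one file changed, one missing, one undocumented.
CURRENT_FILES = {
    "/etc/ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
    "/opt/scada/scada.conf": "poll_interval=2\nlisten=0.0.0.0:502\n",
    "/opt/scada/vendor_debug.conf": "debug=1\n",
}


def assess(ss_text=SS_OUTPUT, current_files=CURRENT_FILES, baseline=BASELINE):
    return (check_listeners(parse_listeners(ss_text), baseline["listeners"])
            + check_config(current_files, baseline["hashes"]))


if __name__ == "__main__":
    for finding in assess():
        print(finding)
```

The two unexpected listeners in the sample (a mail daemon and a VNC server) are exactly the kinds of service and remote-maintenance feature Step 4 says to remove; the hash comparison turns Step 17's "documented baseline" into something a nightly job can enforce rather than a document that drifts from the host.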
19. Establish system backups and disaster recovery plans.

Establish a disaster recovery plan that allows for rapid recovery from any emergency (including a cyber attack). System backups are an essential part of any plan and allow rapid reconstruction of the network. Routinely exercise disaster recovery plans to ensure that they work and that personnel are familiar with them. Make appropriate changes to disaster recovery plans based on lessons learned from exercises.

20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance.

Effective cyber security performance requires commitment and leadership from senior managers in the organization. It is essential that senior management establish an expectation for strong cyber security and communicate this to their subordinate managers throughout the organization. It is also essential that senior organizational leadership establish a structure for implementation of a cyber security program. This structure will promote consistent implementation and the ability to sustain a strong cyber security program. It is then important for individuals to be held accountable for their performance as it relates to cyber security. This includes managers, system administrators, technicians, and users/operators.
21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls.

Release data related to the SCADA network only on a strict, need-to-know basis, and only to persons explicitly authorized to receive such information. "Social engineering," the gathering of information about a computer or computer network via questions to naive users, is often the first step in a malicious attack on computer networks. The more information revealed about a computer or computer network, the more vulnerable the computer/network is. Never divulge data related to a SCADA network, including the names and contact information of the system operators/administrators, computer operating systems, and/or the physical and logical locations of computers and network systems, over the telephone or to personnel unless they are explicitly authorized to receive such information. Any request for information by an unknown person needs to be sent to a central network security location for verification and fulfillment. People can be a weak link in an otherwise secure network. Conduct training and information awareness campaigns to ensure that personnel remain diligent in guarding sensitive network information, particularly their passwords.
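Step 5 says that the secrecy of a proprietary protocol is not security, and Step 7 says that any vendor or backdoor link needs strong authentication. The added example below (not part of the original guidance) makes both points concrete with a constructed toy protocol, "LegacyFrame", standing in for an undocumented vendor protocol; it is not a real SCADA protocol, and the unit, function and point numbers are arbitrary. Its only "protection" is a sync byte and an XOR checksum, so an attacker who has seen one frame can build another. The same command is then wrapped with an HMAC and a sequence number under a per-link key (assumed to be provisioned out of band), which rejects both forged and replayed frames.

```python
"""Protocol secrecy versus authentication (Steps 5 and 7).

Added example. "LegacyFrame" is a constructed toy protocol, not a real
SCADA protocol; the per-link key is assumed to be provisioned out of band.
"""
import hashlib
import hmac
import struct

SYNC = 0xA5
FMT = ">BBBHH"          # sync, unit, function, point, value
TAG_LEN = 16            # truncated HMAC-SHA256 tag on the authenticated variant

FUNC_WRITE = 0x10       # arbitrary "write point" function code
VALVE_7 = 0x0007        # arbitrary point number
CLOSE, OPEN = 0, 1


def xor_checksum(data: bytes) -> int:
    c = 0
    for b in data:
        c ^= b
    return c


def legacy_encode(unit, func, point, value) -> bytes:
    body = struct.pack(FMT, SYNC, unit, func, point, value)
    return body + bytes([xor_checksum(body)])


def legacy_decode(frame: bytes):
    """Accepts any frame with the right sync byte and checksum. The only
    'secret' is the layout, which anyone on the wire can recover."""
    if len(frame) != struct.calcsize(FMT) + 1 or frame[0] != SYNC:
        return None
    body, chk = frame[:-1], frame[-1]
    if xor_checksum(body) != chk:
        return None
    _, unit, func, point, value = struct.unpack(FMT, body)
    return {"unit": unit, "func": func, "point": point, "value": value}


def auth_encode(key: bytes, seq: int, unit, func, point, value) -> bytes:
    """Same fields plus a sequence number, authenticated with HMAC-SHA256."""
    body = struct.pack(FMT + "I", SYNC, unit, func, point, value, seq)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class AuthReceiver:
    """Verifies the tag with a constant-time compare and refuses replays."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def decode(self, frame: bytes):
        hdr_len = struct.calcsize(FMT + "I")
        if len(frame) != hdr_len + TAG_LEN:
            return None
        body, tag = frame[:hdr_len], frame[hdr_len:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                     # forged or corrupted
        _, unit, func, point, value, seq = struct.unpack(FMT + "I", body)
        if seq <= self.last_seq:
            return None                     # replay of an already accepted frame
        self.last_seq = seq
        return {"unit": unit, "func": func, "point": point, "value": value, "seq": seq}


def demo():
    # The attacker captures one legitimate frame and parses it from the layout...
    observed = legacy_encode(3, FUNC_WRITE, VALVE_7, OPEN)
    fields = legacy_decode(observed)
    # ...then forges a "close valve" command that the legacy receiver accepts.
    forged = legacy_encode(fields["unit"], fields["func"], fields["point"], CLOSE)
    legacy_accepts_forgery = legacy_decode(forged) is not None

    key = b"per-link key provisioned out of band (assumed)"
    rx = AuthReceiver(key)
    genuine = auth_encode(key, 1, 3, FUNC_WRITE, VALVE_7, OPEN)
    genuine_accepted = rx.decode(genuine) is not None
    # Without the key the attacker can only guess the tag...
    forged_auth = auth_encode(b"wrong key", 2, 3, FUNC_WRITE, VALVE_7, CLOSE)
    forged_rejected = rx.decode(forged_auth) is None
    # ...or replay the captured frame, which the sequence check refuses.
    replay_rejected = rx.decode(genuine) is None
    return {"legacy_accepts_forgery": legacy_accepts_forgery,
            "genuine_accepted": genuine_accepted,
            "forged_rejected": forged_rejected,
            "replay_rejected": replay_rejected}


if __name__ == "__main__":
    print(demo())
```

The checksum only detects line noise; it says nothing about who sent the frame. The HMAC does, provided the key is managed per link and rotated when vendor staff change, and the sequence counter is what stops an attacker from simply re-sending a frame they recorded earlier. This is the substance of the "strong authentication" Step 7 asks for on vendor and backdoor connections.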
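Step 8 asks for logging on all systems and a daily audit of those logs. Most of that audit can be a script rather than a person reading text, and the added example below (not part of the original guidance) shows one such check run over constructed log lines from a remote-access gateway of the kind Step 7 describes: repeated authentication failures from one caller within a short window raise an alert, and a success that follows such a burst raises a higher one. The log format, host name and caller numbers are constructed; a real gateway's format would need its own parsing expression.

```python
"""Daily log audit: authentication abuse on a remote-access gateway (Step 8).

Added example. The log format, host name, user names and caller numbers
are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-style lines: timestamp, host, program, event, user, source.
LOG = """\
2002-09-16T01:58:02 ras-gw remote-access: AUTH_FAIL user=admin src=555-0142
2002-09-16T01:58:40 ras-gw remote-access: AUTH_FAIL user=maint src=555-0142
2002-09-16T01:59:13 ras-gw remote-access: AUTH_FAIL user=operator src=555-0142
2002-09-16T02:00:05 ras-gw remote-access: AUTH_OK user=operator src=555-0142
2002-09-16T07:30:00 ras-gw remote-access: AUTH_OK user=vendor1 src=555-0199
2002-09-16T14:02:11 ras-gw remote-access: AUTH_FAIL user=vendor1 src=555-0199
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+): (AUTH_FAIL|AUTH_OK) user=(\S+) src=(\S+)$")


def detect_auth_abuse(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return [(timestamp, severity, message), ...].

    MEDIUM: `threshold` failures from one source inside `window`.
    HIGH:   a successful login from a source that just produced such a burst,
            which is what a guessed or shared password looks like in the log.
    """
    recent_fail = defaultdict(deque)      # src -> failure timestamps in window
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        event, user, src = m.group(4), m.group(5), m.group(6)
        q = recent_fail[src]
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if event == "AUTH_FAIL":
            q.append(ts)
            if len(q) == threshold:
                alerts.append((ts, "MEDIUM", f"{len(q)} failed logins from {src} within {window}"))
        else:
            if len(q) >= threshold:
                alerts.append((ts, "HIGH", f"login for {user} from {src} after {len(q)} failures"))
            q.clear()                     # a success resets the burst for that source
    return alerts


if __name__ == "__main__":
    for ts, severity, message in detect_auth_abuse(LOG):
        print(f"{ts.isoformat()} {severity} {message}")
```

The single failure from the second caller produces nothing, which is the point of the threshold: the output should be short enough that someone actually reads it every day. Anything rated HIGH should go to the same out-of-band alert channel the step describes for IDS events, not wait for the daily review.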