Use these posters to emphasize the importance of good security practices in your offices, substations, and control centers. SEL designed these posters to deliver a short, actionable message, and we will add additional posters with new messages in the future. Pick your favorite image and the most important messages to your company.
NERC CIP-004-2 R1 states, “The Responsible Entity shall establish, document, implement, and maintain a security awareness program….” One of the requirements suggests including posters that communicate a security message. We hope these posters are helpful to you and your organization.
SEL strongly urges all critical infrastructure sectors to apply good security practices broadly to protect assets from information system attacks (cyber attacks). The PDF below include tips that offer sensible, practical, and proactive steps to reduce the risk of attacks.
USB drives and devices are inexpensive, portable, and easy to use. These characteristics, however, also make USB devices attractive tools for attackers or thieves who use them in two ways:
Attackers leverage common plug-and-play components of a Windows operating system to run malicious programs or code, usually without the knowledge of the system user. The infected computer can then self-propagate by infecting other devices connected or networked to the computer. Recent examples of such attacks include the Conficker virus and Stuxnet.
Modern USB drives can transfer data very quickly—up to one gigabyte (1 GB) per minute. Control system schemes, data backups, logs, and configuration files can all be placed on a relatively small USB device. Because of their size and portability, these devices can be easily misplaced and/or stolen, allowing data to end up in the wrong hands.
Steps can be taken to minimize the risk of viruses or data theft when using USB devices, including regularly scanning them for malware and disabling AutoRun features on computers. One of the most important guidelines, however, is simply to restrict which USB devices are used and how. This is especially true for control system computers or other computers connected to highly secure internal networks. Make sure that if any USB storage devices are used on these kinds of computers, they have been approved by the compliance managers and IT personnel at your organization. In addition, always follow company security policies.
For more information on USB security and how to lessen the risks posed by these devices, please see the following information sources:
For more information about SEL security solutions, please email us at firstname.lastname@example.org.