<style>html{display:none}</style> <meta http-equiv="refresh" content="0.0;url=/error/nojs.html"> Training and Education for Securing Critical Infrastructure
This is the server.
If you mean to be using the Production ("Live") site, please go to selinc.com .
This server is used for reviewing content or features before they go live. The content, data, and functionality on this site may not match the live production website.

Training and Education for Securing Critical Infrastructure

SFCI Education

Training, Posters, and Tips

SEL University Cybersecurity Training

SEL provides real-world, hands-on cybersecurity training to help customers comply with NERC cybersecurity requirements, teaching them to implement strong electronic access controls in SEL relays and communications products. Participants learn how to identify and mitigate possible attacks and to assess real threats and risks to power system security.

Sensible Cybersecurity Best Practices Posters

Use these posters to emphasize the importance of good security practices in your offices, substations, and control centers. SEL designed these posters to deliver a short, actionable message, and we will add additional posters with new messages in the future. Pick your favorite image and the most important messages to your company.

NERC CIP-004-2 R1 states, “The Responsible Entity shall establish, document, implement, and maintain a security awareness program….” One of the requirements suggests including posters that communicate a security message. We hope these posters are helpful to you and your organization.

Tips for Improving the Security of Your Assets

SEL strongly urges all critical infrastructure sectors to apply good security practices broadly to protect assets from information system attacks (cyber attacks). The PDF below include tips that offer sensible, practical, and proactive steps to reduce the risk of attacks.

USB: SEL Urges Caution

USB drives and devices are inexpensive, portable, and easy to use. These characteristics, however, also make USB devices attractive tools for attackers or thieves who use them in two ways:

  1. Attackers use USB drives to infect other computers.

    Attackers leverage common plug-and-play components of a Windows operating system to run malicious programs or code, usually without the knowledge of the system user. The infected computer can then self-propagate by infecting other devices connected or networked to the computer. Recent examples of such attacks include the Conficker virus and Stuxnet.

  2. Thieves use USB drives to steal large amounts of data.

    Modern USB drives can transfer data very quickly—up to one gigabyte (1 GB) per minute. Control system schemes, data backups, logs, and configuration files can all be placed on a relatively small USB device. Because of their size and portability, these devices can be easily misplaced and/or stolen, allowing data to end up in the wrong hands.

Steps can be taken to minimize the risk of viruses or data theft when using USB devices, including regularly scanning them for malware and disabling AutoRun features on computers. One of the most important guidelines, however, is simply to restrict which USB devices are used and how. This is especially true for control system computers or other computers connected to highly secure internal networks. Make sure that if any USB storage devices are used on these kinds of computers, they have been approved by the compliance managers and IT personnel at your organization. In addition, always follow company security policies.

item.image[0].img.alt

For more information on USB security and how to lessen the risks posed by these devices, please see the following information sources:

For more information about SEL security solutions, please email us at security@selinc.com.

USB Warning Tags are available for purchase in bulk packs of 100. Order here.  
Sample packs are also available. Order here.

Literature

Literature

Publications (Newest First)

Drawings