Woke up this morning and found this in my mailbox: "$10,000,000 Settlement Agreement for NERC CIP Violations" from the SANS ICS forums.
The short story here is that the company appears to have had a completely dysfunctional security culture / organization. This dysfunction led to 127 separate violations of CIP standards in every area except Incident Reporting and Response. The settlement cost the company $10,000,000.
It was basically a shitshow (at least in my first reading of the report). Anyway it's interesting reading if you work in security.
Report here