Speaker
Description
The Trickle Down Effect: Protecting SCADA systems at the high energy physics lab, SLAC, by minimizing human error through phishing training policy and best practices
Preventing another Stuxnet-like attack means first leveraging training to familiarize staff with what common attacks look like. Stanford’s high energy physics lab, SLAC, recently roll out a simulation phishing exercise and security policy to test and improve real-time responses to phishing emails, familiarize employees with phishing emails, and to raise awareness on the growing impact of phishing. Training was administered through an email that imitates a phishing email. In this presentation and paper, we discuss the important link of phishing training and security training policy to protecting industrial systems in an academic environment that requires flexibility for scientific innovation, the role of the ever-growing Internet of Things (IoT) in securing systems at scientific/government labs, how we notified our user community, how we gained management buy-in, and some of the tips and learnings we discovered along the way to run an interactive, engaging, successful, well-received campaign.
