During a recent investigation, an auditor discovered that an engineer’s compromised
workstation was being used to connect to SCADA systems while the engineer was not
logged in. The engineer is responsible for administering the SCADA systems and cannot be
blocked from connecting to them. The SCADA systems cannot be modified without vendor
approval which requires months of testing. Which of the following is MOST likely to protect
the SCADA systems from misuse?

A.
Update anti-virus definitions on SCADA systems

B.
Audit accounts on the SCADA systems

C.
Install a firewall on the SCADA network

D.
Deploy NIPS at the edge of the SCADA network