27 July 2006

Critical Infrastructure Resiliency: SCADA

The SCADA and Control Systems Procurement Project provides the operational risk context and knowledge for any CISO, CIO or CTO who is procuring new software to control critical infrastructure. It is also a good lesson for projects where information assurance policies require a strict protocol for purchasing new systems and software. This project is the first of many efforts to create a more resilient infrastructure and to mitigate the risk of future attacks on the systems that are vital to daily public and private sector operations.

SCADA (Supervisory Control And Data Acquisition) generally refers to the systems which control our critical infrastructures -- such as electric power generators, traffic signals, dams, and other systems. Protecting our critical infrastructure and process control systems is a vital component of our nation's readiness and response efforts. The SCADA Procurement Project, established in March 2006, is a joint effort among public and private sectors focused on development of common procurement language that can be used by everyone. The goal is for federal, state and local asset owners and regulators to come together using these procurement requirements and to maximize the collective buying power to help ensure that security is integrated into SCADA systems.

This is a major step towards risk mitigation in the systems that keep our economy running on a daily basis. Without more resilient systems, our financial and healthcare sectors are at the mercy of a myriad of exploits by "Digital Adversaries".

To reduce control systems vulnerabilities, the DHS National Cyber Security Division (NCSD) established the Control Systems Security Program (CSSP) and the US-CERT Control Systems Security Center (CSSC). The CSSP coordinates efforts among federal, state, and local governments, as well as control system owners, operators, and vendors to improve control system security within and across all critical infrastructure sectors by reducing cyber security vulnerabilities and risk. The US-CERT CSSC coordinates control system incident management, provides timely situational awareness information, and manages control system vulnerability and threat reduction activities.
