Print this article

Comment

1 May 2005

SCADA security groups follow ISA

Greenfield organization Process Control Systems Forum (PCSF) is quickly an influential member of the pursuit to secure the industrial control systems in the U.S.

The effective management and coordination of the efforts of ISA-SP99 Manufacturing and Control Systems Security, the INEEL SCADA test bed in Utah, the I3P at Dartmouth College, and now, the Department of Homeland Security-funded PCSF is important.

ISA—The Instrumentation, Systems, and Automation Society has been working on the cyber terrorism and control system hacking problem since shortly after September 11, 2001, and well before the Department of Homeland Security (DHS) existed.

ISA is the leader in the movement toward the post-9/11 security of control systems because supervisory control and data acquisition (SCADA) and distributed control systems (DCS) and automation technologies are the heart of the organization's mission.

Over 200 cyber security experts from a cross-section of industries are working collaboratively within an ISA standards group—ISA-SP99—to develop American National Standards on cyber security for manufacturing and control systems.

The American National Standards Institute (ANSI) accredits ISA to develop industry standards. ISA has previously published widely used standards on control systems operation and safety in chemical, power generation, and other manufacturing industries related to the critical infrastructure.

ISA published two ANSI-approved industry guideline reports in 2004 that marked the first comprehensive guidance for organizations to evaluate and improve their manufacturing and control system, cyber security programs. The ISA-SP99 group is now extending that work by developing a series of American National Standards (October 2003 InTech article, SP99 Counterattacks).

Apply collective thinking

Under Secretary for Science and Technology, Department of Homeland Security Charles McQueary said at the PCSF formational meeting recently that The PCS Forum would build upon the existing body of work in this subject area and establish links with others in industry and government who are already making improvements to individual process control and SCADA systems.

The objective is to focus and apply the best collective thinking in the industry to transform the current, disparate state of process control systems in this country into one that sits on consensus architecture and best practices.

Ultimately, PCSF intends to arrive at a common underlying architecture for process control systems that offers security, reliability, resiliency, and continuity in the face of disruptions and major incidents.

ISA has three members on the 11-member PCSF governing board including the chair of SP99, Bryan Singer.

Holes and interdependencies

In addition, this spring, the Institute for Information Infrastructure Protection (I3P) launched a major SCADA security research initiative.

The Dartmouth College-managed operation commenced an $8.5 million research program that will help protect supervisory control and data acquisition systems in the oil and gas industry and other critical infrastructure sectors.

DHS and the National Institute of Science and Technology fund the I3P research consortium. Its mission is to address security issues facing the U.S. information infrastructure. The funds, spread over two years, will support basic research, as well as product-driven technology solutions, in order to better understand and mitigate high-risk SCADA flaws.

The I3P Web site avers that SCADA experts and officials within the U.S. government have long warned about the security issues surrounding the use of SCADA and other automation systems to manage and control everything from electric power generation plants, to water systems and oil and gas pipelines.

A research team consisting of 10 I3P member institutions will help identify SCADA vulnerabilities and interdependencies between SCADA systems and other critical infrastructures.

The research team also includes security specialists from the University of Illinois Urbana-Champaign, MIT Lincoln Laboratory, The MITRE Corporation, New York University, Pacific Northwest National Laboratory, SRI International, The University of Tulsa, the University of Virginia, and Dartmouth College.

Nicholas Sheble (nsheble@isa.org) edits the Networking & Communications department.