Supervisory Control And Data Acquisition

Until quite recently, SCADA systems were traditionally “walled off” from other systems operating independently from the network. Prior to the awareness of possible attacks, this seemed to provide all the protection the SCADA system required. However, over time they have become integrated into larger company networks as a means of leveraging their valuable data to increase plant efficiency. The result of this development is that now their security is often only as strong as the security of the overall network.

The process of protecting SCADA networks starts with the creation of a written security policy. Failure to have a policy in place exposes the company to attacks, loss of revenue and legal action. The security policy should also be a living document, not a static policy created once and then shelved. The management team needs to draw very clear and understandable objectives, goals, rules and formal procedures to define the overall position and architecture of the plan. It should also cover the following key components:

• Roles and responsibilities of those affected by the policy
• Actions, activities and processes that are allowed, and those that are not allowed
• Consequences of non-compliance

Source and more info: pandct

This entry was posted on Sunday, October 1st, 2006 at 6:57 am and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.