A utility's information systems are a critical component of any complete approach to
security. In order to identify gaps and areas for improvement in their security, most
utilities have conducted or will be conducting a vulnerability assessment of their physical and
"virtual" infrastructure through the US Environmental Protection Agency's RAM-W training or other risk assessment
methodology. This paper describes the latest methods and tools to implement security
for information and control systems once the critical areas have been identified.
Security for "virtual" infrastructure is described in terms of a layered approach that
identifies potential threats and recommended defenses at many levels. The latest security
tools and their often-confusing acronyms are described in ways that are
applicable to all utilities. Specific security methods for SCADA, DCS, and control
systems are discussed in detail with direct relevance to the information covered by the
RAM-W course. Tools to protect against threats that arise from external as well as
internal sources are presented and described in terms of their effectiveness and ease of
implementation.
Finally, this paper gives anonymous examples of security assessments, action plans, and
resulting system implementations for several water and wastewater utilities. The detailed
methods, tools, and examples presented should allow any organization to properly fortify
and secure their information systems.
| Edition : | Vol. - No. |
| File Size : | 1 file, 800 KB |
| Note : | This product is unavailable in Ukraine, Russia, Belarus |
| Number of Pages : | 24 |
| Published : | 04/27/2003 |