For the past 20 years, utility managers have come to rely on
valuable data that is found in process control systems including supervisory control and data acquisition (SCADA). While trying to secure
these systems from security violations, however, many utilities have cut off their own access to
valuable data that is required for sound decision making. A recent WERF/AwwaRF research
project, led by EMA, was designed to provide utilities with the tools to accurately determine
current vulnerabilities and consequences and develop a set of leading practices that will enable
utilities to ensure both effective security and real-time access.
This presentation examines the Control System Cyber Security Self Assessment Tool
(CS<sup>2</sup>SAT) that has been developed, reviewed, and tested via a collaborative effort with the
Department of Homeland Security's Control System Security Program and Idaho National Labs.
This portable, self-assessment tool will enable any water or wastewater utility to conduct effective
vulnerability assessments, determine their state of readiness, and develop corrective measures to
close the vulnerability gap for their control systems. Utilities will be able to create a baseline and
use the tool periodically (i.e., annually) or when a system component is modified or added. This
presentation will explore the specifics of the self-assessment tool, its capabilities, what sorts of
vulnerabilities it can typically locate, the resulting products and information, its reporting
capabilities, and how utilities will be able to use the tool.
The project team has also developed a set of leading practices, guidance, references, and
recommendations that have been incorporated into the tool and can be used as a stand-alone
reference.
The material produced from this research project will provide the necessary approaches, options,
guidelines and specifications to utilities on how to assess computerized and automated system
vulnerabilities, determine acceptable risk and countermeasures, and develop a transition plan to
attain secure and protected control systems. The first step is an assessment of a utility's current
circumstances to develop a clear understanding of the existing gaps. Only then will it be possible
to develop a plan to close those gaps and secure access to valuable data for those who need it,
while ensuring there is no way to penetrate these systems by those who don't. This presentation
provides vital insight for utility decision-makers who care about secure access to automated
systems.
| Edition : | Vol. - No. |
| File Size : | 1
file
, 1 MB |
| Note : | This product is unavailable in Ukraine, Russia, Belarus |
| Number of Pages : | 35 |
| Published : | 03/01/2007 |
