Control system security
Definition
Control System Security is defined as the prevention of intentional or unintentional interference with the proper operation of industrial automation and control systems through the use of computers, networks, operating systems, applications and other programmable configurable components of the system. It is known by several other names such as SCADA Security, PCN Security, Industrial Automation and Control System Security, Control System Cyber Security, Industrial Network Security and Electronic Security for Industrial Automation and Control Systems.
Control system security is very important because industrial automation and control systems automatically operate the services that we consider essential for our way of life – electricity, petroleum production, water, transportation, manufacturing and communications. Recent events such as the discovery of the Stuxnet virus have demonstrated the vulnerability of these systems to cyber incidents. The US and other governments have passed cyber security regulations requiring enhanced protection for control systems that operate critical infrastructure.
Risks
Insecurity of industrial automation and control systems can lead to the following risks:
- Safety
- Environmental impact
- Lost Production
- Equipment Damage
- Information Theft
- Company Image
Vulnerability of Control Systems
Industrial automation and control systems have become far more vulnerable to security incidents due to the following trends that have occurred over the last 10 to 15 years.
- Heavy use of Commercial Off-the-Shelf Technology (COTS) and protocols. Integration of technology such as MS Windows, SQL, and Ethernet means that process control systems are now vulnerable to the same viruses, worms and trojans that affect IT systems.
- Increased Connectivity - Enterprise integration (using plant, corporate and even public networks) means that legacy process control systems are now being subjected to stresses they were not designed for.
- Demand for Remote Access - 24/7 access for engineering, operations or technical support means more insecure or rogue connections to the control system.
- Public Information - Manuals on how to use control systems are publicly available to would-be attackers as well as to legitimate users.
Government Efforts
Control System Security Standards
ISA99
ISA99 is the Industrial Automation and Control System Security Committee of the Instrumentation, Systems, and Automation Society (ISA). The committee is developing a multi-part control system standard and has released several standards and technical reports.
- ISA99 Part 1 (ANSI/ISA 99.00.01) is approved and published.
- ISA99 Part 2 (ANSI/ISA 99.02.01-2009) is approved and published. It has also been approved and published by the IEC as IEC 62443-2-1.
- ISA99 Part 3 is in process.
- ISA99 Part 4 is in process.