SP99-- who are those guys?

July 24, 2007
Ken Anderson will be speaking on security issues with Wireless applications. I don't know what happened, but this was supposed to be given by Bryan Singer... Anderson works for an oilsands company.

What I want to talk about is where SP99 is, and what we're doing there. Components are included based on function performed, not industry, type of control or other limited views (SCADA, etc.). We go from Levels 0, 1 and 2 and a little of Level 3 of the Purdue model.

IT security is an established discipline, but its application in industrial control systems is a challenge. It is necessary to add domain expertise to provide workable, practical solutions for control systems without screwing them up. Effective automation security is a function of appropriate technology, specialized expertise and domain expertise.

Anderson described the SP99 working groups. TR1 has already been released, and will be released in a revised format soon. There are 260 members from 220 companies from a wide number of industry verticals and sectors. SP99 is developing the ANSI standards.

ANSI/ISA-TR99.00.01-2004: revision has been issued for voting.

ANSI/ISA-d99.00.01, Terminology, concepts and models: estimated publication 3Q 2007.

d99.00.02, Establishing an Industrial Automation and Control Systems Security program: 400 comments received, analysis is in progress. Major themes are organization of information and ease of use, consistency with other standards, and process complexity. For release in late 2007.

There are other documents available: master glossary, guide to the standards.

d99.00.03, Operating an industrial automation and control systems security program: work will commence after completion of Part 2.

d99.00.04, Technical security requirements: working group active. Newly started. DHS Security catalog will be available -- great document.

Working group 6, concerned with Patch Management, has been formed in conjunction with MS-MUG.
We are increasing awareness of and coordination between SP99 and other automation systems security activities and standards bodies.

Here's the begging part: None of these standards will get done without volunteer help, folks.

Priorities: complete Part 1 and Part 2 standards; complete the revised TR-1; support working groups.

SP99 needs your participation.