Lack of adequate cyber security in DCS and SCADA procurement specifications

    April 4, 2010

    My new book will have an appendix that should be of interest to everyone. I have taken several recent DCS procurement specifications and created an archetype specification. I identified where cyber security could impact the detailed specifications. (Since the NERC CIPs are not adequate to secure ICSs, I did not address them in reviewing the specifications.) This is important for a number of reasons:

    My new book will have an appendix that should be of interest to everyone. I have taken several recent DCS procurement specifications and created an archetype specification. I identified where cyber security could impact the detailed specifications. (Since the NERC CIPs are not adequate to secure ICSs, I did not address them in reviewing the specifications.) This is important for a number of reasons:
    - The DCS vendors that responded to the actual specifications did not include security. The end-users subsequently experienced cyber incidents with varying degrees of impact. Additionally, the DCS logging (forensics) features were unable to identify or record these cyber incidents.
    - The NERC and DHS identified vulnerabilities of Aurora or Boreas were not addressed in the specifications used in the appendix.
    - The DHS procurement language did not address many of the items identified in this appendix.
    - DHS’s CS2SAT methodology did not address a number of cyber issues identified in this appendix.

    Additionally, I reviewed a number of SCADA procurement specifications for electric and water utilities. They were no more comprehensive with respect to cyber security than the DCS specifications used in this appendix. As with the power plant DCS vendors, the SCADA vendors did not provide security for these specific projects. At least one of the utilities suffered a significant SCADA cyber incident.

    I will let the readers make their own conclusions.

    Joe Weiss

    Continue Reading

    Sponsored Recommendations

    Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
    Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
    Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
    An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...

    Latest from Home

    Source: MxD
    Figure 1: Steady streams of students and other visitors take in the digital and cybersecurity demonstrations at Manufacturing times Digital (MxD) institute, which provides participants with programs in digitalized tools, cybersecurity and workforce expertise.
    Two petrochemical workers inspecting pressure valves on a fuel tank
    Source: Endress+Hauser
    Endress+Hauser’s local and regional outreach efforts include collaborating with k-12 schools, colleges and universities, and its larger communities, via its Community Career+Education Forum (CCEF) that’s been held annually since 2014. These events were joined in 2022 by its Design & Innovation Studio program for coding, 3D modeling, robotics and automation.

    Most Read

    Sponsored