Purchasing Language for SCADA systems…

Feb. 27, 2008
Todd Stauffer of Siemens and I were discussing the need for critical engineering understanding when applying cybersecurity tools to plant-level DCS and SCADA security the other day. Todd reminded me of the fact that there's a government-funded organization called the Multi-State Information Sharing and Analysis Center that has produced a soi-disant set of procurement language for SCADA systems that is intended to help end users and EPCs ensure an appropriate level of cybersecurity when they buy and specify SCADA systems. I assume this also applies to DCS systems and simpler plant control systems.

MSISAC is a venture of the State of New York and Idaho National Laboratory (INL). Yes, those people who brought you the Aurora video. MSISAC has posted several iterations of their recommended language document which they hope somebody will take and incorporate into real specifications for how to design and purchase cybersecure SCADA systems.

What Todd and I were talking about was the need to actually know something about plant and utility control systems before attempting to use this document, in any of its iterations. Todd pointed out that it is entirely possible to specify ALL of the options in the documents, thus making it impossible to actually procure a system at all. What has to happen, when you use documents like this, is you have to have the engineering expertise and sound engineering judgement to be able to use the documents as a template, a framework, and not a stencil.

We also noted in passing Boeing's problems with interconnected networks and the new 787 Dreamliner. I have previously noted, in Sound Off!, the folks from Boeing who spoke at ARC, who said that engineers wanted to be able to flash the solid state memories of the avionics systems anytime they wanted to, and I hope I'm never on a 787 if they are allowed to log onto the avionics and flash the ROMs when the plane is at 40,000 feet.

Walt Boyes
