Samir Malaviya, CISA, CGEIT, CSSA
Supervisory Control and Data Acquisition (SCADA) systems are the backbone of critical infrastructure. Recent developments, including headlines on cyberwarfare initiated by state and non-state actors, have brought security for industrial control systems, including SCADA systems, to the forefront of cybersecurity discussions.
The challenges of SCADA security differ considerably from those faced when implementing cybersecurity frameworks in the traditional IT world. While traditional cybersecurity is more concerned with confidentiality and integrity, for SCADA systems, availability is of paramount importance. Imagine if your power utility experiences a failure because some of the controls applied by its cybersecurity team crash the device itself. This may be catastrophic for utilities and might result in loss of life, too. The traditional cybersecurity model for IT needs to be fine-tuned to meet challenges specific to the SCADA world.
The proposed SCADA security framework from my recent Journal article describes a model that owners and operators of critical infrastructure can use to build a cybersecurity model for their SCADA systems. The proposed framework also covers all of the components of the recently published draft version of the Critical Infrastructure Cybersecurity Framework from the US National Institute of Standards and Technology (NIST). The SCADA security framework also maps to some of the regulatory requirements to be followed by owners and operators of critical infrastructure. In fact, the SCADA security framework can be considered a comprehensive superset that meets all of the regulatory requirements of the concerned industry for the owners and operators of critical infrastructure.
The SCADA security framework can be used by owners and operators of critical infrastructure to develop their security program. It is envisioned that the SCADA security framework can help to develop a risk profile and control framework for their organizations.
Read Samir Malaviya’s recent Journal article:
“SCADA Cybersecurity Framework,” ISACA Journal, volume 1, 2014.