Full Description

A utility's information systems are a critical component of any complete approach tosecurity. In order to identify gaps and areas for improvement in their security, mostutilities have or will be conducting a vulnerability assessment of their physical and"virtual" infrastructure through the US Environmental Protection Agency's RAM-W training or other risk assessmentmethodology. This paper describes that latest methods and tools to implement securityfor information and control systems once the critical areas have been identified.Security for "virtual" infrastructure is described in terms of a layered approach thatidentifies potential threats and recommended defenses at many levels. The latest securitytools and their often-confusing acronyms are described in ways that areapplicable to all utilities. Specific security methods for SCADA, DCS, and controlsystems are discussed in detail with direct relevance to the information covered by theRAM-W course. Tools to protect against threats that arise from external as well asinternal sources are presented and described in terms of their effectiveness and ease ofimplementation.Finally, this paper gives anonymous examples of security assessments, action plans, andresulting system implementations for several water and wastewater utilities. The detailedmethods, tools, and examples presented should allow any organization to properly fortifyand secure their information systems.

Product Details

Edition: Vol. - No. Published: 04/27/2003 Number of Pages: 24File Size: 1 file , 800 KB