Intelligent Industrial Control System Security and Industrial Network Standards

The introduction of information technologies, such as wireless and Ethernet, into critical industrial infrastructure systems has provided simpler and more agile control over electric power, water, oil, natural gas and manufacturing facilities around the country. The modernization of these systems, however, requires that security measures be implemented to protect them from accidental viruses or, worse, malicious interference such as terrorist attacks. This program develops the security standards and guidelines for the computerized systems that control the nation’s utilities as well as other staples of daily life. It also drives development of new security tools for future systems.

Since the late 1990s, use of information technologies, such as wireless and Ethernet, to monitor, control and connect  electric power, water, oil and natural gas, and manufacturing infrastructures has improved operational control as well as both prevention of and response time to failures, but it has also opened the doors to new security threats. At worst, there is the possibility of cyber-terrorism, in which a hacker could potentially bring down the country’s power grid, for example. Perhaps more likely is the danger of an inside worker making some innocent mistake -- such as allowing a virus onto the computer system -- that could potentially have equally devastating results. In support of the Department of Homeland Security (DHS) National Infrastructure Protection Plan, NIST is working to establish a broad platform of security standards, guidelines and supporting test methods for industrial control systems to guard against these threats. Such a platform would cater to the needs of equipment manufacturers and could be easily adopted by users, most of whom operate in the private sector.

NIST bring years of experience to this task, as it has been working since 2000 with communities in both the public and private sectors to help develop security standards and guidelines for these systems. As an institution without a financial stake, NIST can work with the relevant industries to create standards that benefit all its collaborators and promote the country’s security in general.

The program has a three-pronged focus to help protect the systems upon which we rely daily. First, NIST researchers are working to create security standards and guidelines for the existing systems. This work includes providing written guidance on appropriate safeguards and countermeasures to secure these systems while addressing their unique operational and safety requirements.

Secondly, the program is working to drive technological innovation that will provide trustworthy built-in security in future systems. Since many of the existing systems were built only with ease of use and general safety in mind, security countermeasures were added on after the fact, if at all. Program researchers work with their collaborators through the International Society of Automation (ISA) to specify the security requirements that vendors should implement as they develop future products.

Finally, the program is developing test beds and performance test methods. Not only are such tests necessary to determine standards compliance, but they are also crucial to ensure that components from different manufacturers are “plug-and-play” compatible.

Click here for more details