NIST Industrial Control System Security Activities
Keith A. Stouffer
The National Institute of Standards and Technology (NIST) has several ongoing efforts to address industrial control system security. This paper will present an overview of two of these efforts, the Process Control Security Requirements Forum (PCSRF) and the upcoming Special Publication 800-82. The Process Control Security Requirements Forum (PCSRF), formed in spring of 2001, is a 650 member working group of users, vendors, and integrators in the process control industry which is addressing the cyber security requirements for new industrial process control systems and components, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs). NIST Special Publication 800-82, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control System Security, scheduled for release in January 2006, provides guidance for establishing secure SCADA and Industrial Control Systems. The document provides an industrial control system overview and typical system topologies to facilitate the understanding of industrial control systems, identifies typical vulnerabilities and threats to these systems and provides recommended security countermeasures to mitigate the associated risks.