End-users and vendors of Industrial Control System(s) (ICS) have expressed concerns that the deployment of anti-virus software may interfere with the operation of time-critical control processes. A set of guidelines and a test methodology were developed to help minimize and measure performance impacts caused by the addition of anti-virus software on ICS. The guidelines are based on the expertise of ICS end-users and vendors who are using anti-virus software on their ICSs as well as anti-virus software vendors. The test methodology provides a general set of procedures for use by industry as a starting point when developing control system specific performance impact tests. A laboratory test bed was used in the development of the test methodology and to demonstrate some of the performance impacts caused by the addition of anti-virus software. Discussions of practices currently in use to contend with these issues are reflected in the guidelines. In many cases, performance impacts can be reduced by using configuration settings, scanning practices and maintenance scheduling that are different than those recommended for typical IT system application of anti-virus software. Also provided is a collection of background information on ICSs and anti-virus software for IT and control system professionals who are responsible for securing these systems. This work is the result of a collaborative effort between the National Institute of Standards and Technology, and Sandia National Laboratories, under the guidance and sponsorship of the Department of Energy s Office of Electricity Delivery and Energy Reliability and their National SCADA Test Bed program.
Citation: Special Publication (NIST SP) - 1058
NIST Pub Series: Special Publication (NIST SP)
Pub Type: NIST PubsReport Number:
anti-virus, computer security, DCS, Industrial Control Systems, Malware, performance impacts, SCADA