Publications
Further development of this draft has ceased (June 09, 2011).
Guide to Industrial Control Systems (ICS) Security
Documentation
Date Published: September 2008
Author(s)
Keith Stouffer (NIST), Joseph Falco (NIST), Karen Scarfone (NIST)
The purpose of this document is to provide guidance for securing industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other systems performing control functions. The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks. Because there are many different types of ICS with varying levels of potential risk and impact, the document provides a list of many different methods and techniques for securing ICS. The document should not be used purely as a checklist to secure a specific system. Readers are encouraged to perform a risk-based assessment on their systems and to tailor the recommended guidelines and solutions to meet their specific security, business and operational requirements. The scope of this document includes ICS that are typically used in the electric, water and waste water, oil and natural gas, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (automotive, aerospace, and durable goods) industries.
The purpose of this document is to provide guidance for securing industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other systems performing control functions. The document provides an overview of ICS and...
See full abstract
The purpose of this document is to provide guidance for securing industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other systems performing control functions. The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks. Because there are many different types of ICS with varying levels of potential risk and impact, the document provides a list of many different methods and techniques for securing ICS. The document should not be used purely as a checklist to secure a specific system. Readers are encouraged to perform a risk-based assessment on their systems and to tailor the recommended guidelines and solutions to meet their specific security, business and operational requirements. The scope of this document includes ICS that are typically used in the electric, water and waste water, oil and natural gas, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (automotive, aerospace, and durable goods) industries.
Hide full abstract
Keywords
computer security; distributed control systems (DCS); industrial control systems (ICS); information security; network security; programmable logic controllers (PLC); risk management; security controls; supervisory control and data acquisition (SCADA) systems
Control Families
None selected
Documentation
Publication:
No Download Available
Supplemental Material:
None available
Document History:
09/02/08: SP 800-82 (Draft)