Internet and global e-business application requirement demands that companies increasingly implement computing infrastructures specifically designed for at least 99.999 percent availability. This is the equivalent of less than 5.3 minutes of downtime a year. This is also requirement for the SCADA networks. In response t this trends SCADA owners need to address increased security and support for high availability.
Lately, NIST, academia, and several SCADA vendors have initiated strategy to support SCADA security. The CVSS NM-SIG for network monitoring is discussing the information system and SCADA risks. In addition, the control systems Security Event Monitoring (SEM) Working Group at Process Control System Forum (PCSF) is working on a method to regularly collect statistic from SCADA and DCS networks that are being monitored for cyber security events.
More efforts should be planned to reduce the vulnerabilities and improve the security operations of these systems. It is necessary to address not only the individual vulnerabilities, but the breadth of risks that can interfere with critical operations.
SCADA security design and information security management can be improved by applying a wide range of control principles and methods as well productivity control, involving decision making under uncertainty with increase levels of decision support. The improvements for SCADA security have to be broad at the system level and details at the component level.