Friday, October 8, 2010

Device Assessments of SCADA Network

From an initial review of the network architectures, security assessment instruments and procedures are selected. The intent is to use procedures and software tools that have a low probability of causing disruption to process operations.

To conduct a device assessment, investigating the networked devices in the process areas including:
• Servers
• Human Machine Interfaces (HMI)
• Modems
• Routers/Switches
• Firewalls
Programmable Logic Controller (PLC)
• Distributed Control Systems (DCS)
• DCS and PLC Gateways
• Intelligent Electronic Devices (IED)

The information collected (as applicable) includes:
• Operating System Version/Patches/Service Pack
• Operating Processes and Services
• Applications (Approved and Non-Approved)
• Protection Software (Antivirus, Firewall)
• Connectivity hardware (e.g. Ethernet, Serial, WLAN, Fieldbus, etc)
• Connectivity software (e.g. Remote control, Web Access, Email, FTP, etc)
• NetBIOS and NFS Shares
• Open IP Ports
• User and password security policy
• User Lists
• Other configuration
• Physical security

The device assessment is carried out by physically visiting each device and applying the appropriate tool and assessment sheet. The assessment sheets identify basic device information such as the time of assessment, assessor, plant area, location, function, application, custodian, manufacturer, model, operating system and IP address. The device is then assessed for security risk in five areas (physical access, software access, external connectivity, Device specific issues, and comments and observations).


Newer Post Older Post Home

You may also like these ebook:

Get Free PLC eBook directly sent to your email,
and email subscription to

We hate SPAM. Your information is never sold or shared with anyone.

Your Email Will Be 100% Secured !