From an initial review of the network architectures, security assessment instruments and procedures are selected. The intent is to use procedures and software tools that have a low probability of causing disruption to process operations.
A device assessment investigates the networked devices in the process areas, including:
• Servers
• Human Machine Interfaces (HMI)
• Modems
• Routers/Switches
• Firewalls
• Programmable Logic Controller (PLC)
• Distributed Control Systems (DCS)
• DCS and PLC Gateways
• Intelligent Electronic Devices (IED)
The information collected (as applicable) includes:
• Operating System Version/Patches/Service Pack
• Operating Processes and Services
• Applications (Approved and Non-Approved)
• Protection Software (Antivirus, Firewall)
• Connectivity hardware (e.g. Ethernet, Serial, WLAN, Fieldbus, etc.)
• Connectivity software (e.g. Remote control, Web Access, Email, FTP, etc.)
• NetBIOS and NFS Shares
• Open IP Ports
• User and password security policy
• User Lists
• Other configuration
• Physical security
The device assessment is carried out by physically visiting each device and applying the appropriate tool and assessment sheet. The assessment sheets identify basic device information such as the time of assessment, assessor, plant area, location, function, application, custodian, manufacturer, model, operating system and IP address. The device is then assessed for security risk in five areas (physical access, software access, external connectivity, device-specific issues, and comments and observations).
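The sketch below is an added example, not part of the original text: it reviews a completed assessment sheet offline, checking that the basic fields and all five risk areas are filled in, and comparing the recorded applications and open ports against an approved list. The field names, the `Baseline` allow-list and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Basic identification fields the assessment sheet records (from the text above).
SHEET_FIELDS = ["time_of_assessment", "assessor", "plant_area", "location", "function",
                "application", "custodian", "manufacturer", "model",
                "operating_system", "ip_address"]
# The five areas each device is assessed in.
RISK_AREAS = ["physical_access", "software_access", "external_connectivity",
              "device_specific_issues", "comments_and_observations"]

@dataclass
class Baseline:
    """Hypothetical per-device-type allow-list (an assumption, not from the page)."""
    approved_apps: set = field(default_factory=set)
    expected_ports: set = field(default_factory=set)

def review_sheet(sheet: dict, baseline: Baseline) -> list:
    """Return a list of findings for one completed assessment sheet."""
    findings = []
    for name in SHEET_FIELDS:
        if not str(sheet.get(name, "")).strip():
            findings.append(f"missing sheet field: {name}")
    for area in RISK_AREAS:
        if area not in sheet.get("risk", {}):
            findings.append(f"risk area not assessed: {area}")
    for app in sorted(set(sheet.get("applications", [])) - baseline.approved_apps):
        findings.append(f"non-approved application: {app}")
    for port in sorted(set(sheet.get("open_ports", [])) - baseline.expected_ports):
        findings.append(f"unexpected open port: {port}")
    return findings

# Constructed sample sheet for an HMI; every value here is illustrative.
SAMPLE_SHEET = {
    "time_of_assessment": "2024-01-15T09:30", "assessor": "A. Example",
    "plant_area": "Area 1", "location": "Control room", "function": "HMI",
    "application": "Operator display", "custodian": "", "manufacturer": "ExampleCo",
    "model": "X-100", "operating_system": "Windows (example)", "ip_address": "192.0.2.10",
    "applications": ["hmi_runtime", "remote_control_tool"],
    "open_ports": [502, 21],
    "risk": {"physical_access": "low", "software_access": "medium",
             "external_connectivity": "high", "device_specific_issues": "none"},
}
HMI_BASELINE = Baseline(approved_apps={"hmi_runtime"}, expected_ports={502})

if __name__ == "__main__":
    for finding in review_sheet(SAMPLE_SHEET, HMI_BASELINE):
        print(finding)
```

Because the review runs only on data already written to the sheets, it adds no traffic to the process network.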