These explicitly address the security issues and make recommendations that are not highly technical in nature. Security guidelines sometimes come from government agencies. For instance, a report by the Department of Energy lists 21 steps providing security guidelines to improve SCADA network security. These steps consist of suggestions such as defining the security roles of personnel, establishing rigorous management processes, and conducting self-assessments.
The American Gas Association focused on retrofitting existing networks, with a common target of protecting resource delivery systems and safeguarding utility company assets in the most efficient and least intrusive manner possible. The recommendations were classified under categories such as security policy, operational, technical, quality, and system. SCADA link security protocols described the exchange of management information between cryptographic modules. It proposed policies for authentication, security management, access control, identity administration and accountability. The report proposed a generic security framework for any Web-based application, not particularly for SCADA.
SCADA link security protocols described the exchange of management information between cryptographic modules. Although the information was quite detailed, it was inadequate to be used as a basis for the doctoral research. The available publications do not see security as a major integral part of the system, and there is consequently limited research material on the topic. For instance, very briefly mentions message security check used in the protocols. It considered the software engineering aspects of designing a general communications protocol for a SCADA system, but failed to consider security as an important design or specification aspect.
Several SCADA applications have successfully used SSL/TLS solutions, including organizations such as Bow Network Inc. and the California ISO. The use of SSL/TLS with SCADA has also been approved by IEC Technical Committee 57 Work group. The SSL/TLS solution can be applied not only to TCP/IP-based connections but also to any reliable connection-oriented protocol such as X.25 or OSI.