Gaithersburg, MD, U.S.A. — (METERING.COM) — July 1, 2011 – The U.S. National Institute of Standards and Technology (NIST) has issued the final version of its Guide to Industrial Control Systems (ICS) Security (SP 800-82) for smart grid and other critical infrastructures to enable mangers to secure their systems while addressing their unique performance, reliability, and safety requirements.
Finalized after three rounds of public review and comment, the guide is directed to federally owned or operated industrial control systems, but its potential audience is far larger and more diverse, since about 90 percent of the nation’s critical infrastructure is privately owned.
Industrial control systems include supervisory control and data acquisition (SCADA) systems, distributed control systems and programmable logic controllers. The scope of facilities and equipment encompassed by these technologies range from broadly dispersed operations, such as natural gas pipelines and water distribution systems, down to individual machines and processes.
Due to the unique performance, reliability and safety requirements, securing industrial control systems often requires adaptations and extensions to the NIST-developed security standards and guidelines for IT systems only. The new guide describes these adaptations and extensions, provides an overview of various systems and their organizational layouts, describes typical threats and vulnerabilities, and recommends appropriate countermeasures.
“Securing an industrial control system requires a proactive, collaborative effort that engages cyber security experts, control engineers and operators and other experts and experienced workers,” said NIST mechanical engineer and lead author Keith Stouffer. “It also requires factoring in – and addressing – new risks introduced by the evolving smart electric power grid.”
To tackle security issues arising from the convergence of the smart grid and industrial control systems, it is recommended that SP 800-82 is used in conjunction with the Guidelines for Smart Grid Cyber Security (NISTIR 7628), which NIST issued last September.