Abstract

This chapter discusses the need for supervisory control and data acquisition (SCADA) security assessments and provides a comprehensive approach to conducting them. The evolution of SCADA systems toward standard TCP/IP networking and common applications is driving the need to implement and monitor effective security. An effective security assessment relies on a solid, well-defined framework that is repeatable. The NSA IAM and IEM provide a framework within which to conduct the security assessment process. The preproject activities focus on gaining an understanding of what the customer is looking for in their security assessment engagement. The onsite assessment is broken down into two areas, organizational and technical. The organizational assessment focuses on understanding what policies and procedures are in place in the organization and how the organization actually implements its security program. The information for the organizational assessment is collected through interviews, documentation review, system demonstrations, and observation. The second part of the onsite assessment is the technical assessment. The basis for the technical assessment is the NSA IEM 10 baseline activities, which encompass the majority of the technical scanning and analysis needs for a security assessment. The post-assessment process involves conducting the final analysis and putting together the final report. This process is important because it outlines the findings from the assessment and gives recommendations for improving the organization's security posture. A critical aspect of the post-assessment is to give a well-defined, logical roadmap for security posture improvement.
