Abstract
Information technology constitutes a substantial component of the critical infrastructure of many nations. Systems used by utilities and service industries such as electricity, water, wastewater treatment and gas are key components of these critical infrastructures. These critical infrastructures rely on a range of technologies commonly known as Process Control Systems in the production, distribution or management aspects of their services.
To ensure continued delivery of these critical services, it is important to ensure that the process control systems used to control, monitor and manage the infrastructure are secured against physical and cyber security threats. A number of information security standards have been defined by various industry and government regulatory bodies to provide guidance in securing process control systems. However, managing compliance with several standards can become an added administrative overhead for organizations.
This paper reviews the challenges in maintaining compliance with multiple standards and postulates that a holistic information security management system is required to ensure ongoing security of these process control systems. It proposes the implementation of international standards ISO/IEC 17799 and 27001 as a practical approach to managing the various compliance requirements and providing a framework to implement, monitor, manage and improve the security of process control systems.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915034_125.
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Jayawickrama, W. (2006). Managing Critical Information Infrastructure Security Compliance: A Standard Based Approach Using ISO/IEC 17799 and 27001. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915034_80
DOI: https://doi.org/10.1007/11915034_80
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-48269-7
Online ISBN: 978-3-540-48272-7
eBook Packages: Computer Science (R0)