The Automation Federation announced its support of a new initiative aimed at evaluating the feasibility of creating a set of well-engineered specifications and processes for the security testing and certification of critical control systems products. The Automation Federation will provide financial and personnel support for the initial feasibility study project.
Over the past few years, research has shown that SCADA and control systems products often have serious security vulnerabilities. These vulnerabilities leave the control systems exposed to viruses, hackers, and possibly terrorist activities from around the world. Industry standards like those arising from ISA-SP99 and NERC CIP-2-9 and the work of the OMAC MSMUG group have attempted to address this issue from an end-user prospective. The feasibility study the Automation Federation is supporting aims to help define methods by which suppliers of products can validate that their products afford the necessary level of secure operation.
Industry leaders from major control system operators and manufacturers are initiating this effort to create a set of well-engineered specifications and processes for the testing and certification of critical control systems products. With this program, control system suppliers would be able to offer products that are proven to meet a standard set of minimum security requirements.
To effectively frame the opportunity, Wurldtech Analytics Inc. will lead a detailed evaluation and development of a formal proposal. This will result in a well-defined model for the creation and operation of the security certification organization. The deliverables for the study will include:
- Investigation of critical success factors in industrial certification organizations
- An incorporation model designed to best meet the needs of industry (e.g. non-profit or for-profit)
- A proposed accreditation model and guidelines for interaction with standards bodies
- Governance, membership, code of conduct and voting model
- Legal and property rights guidelines
- Proposed budget and membership fee model
- A multiyear time line and milestones for the setup and operation of the organization
- Long-term sustainability of the organization
- Estimation of member commitment requirements in time and people
A formal proposal based on the results of the study is expected to be completed by September 2006, with an organization possible in early 2007.