Process Control Security: Go Dutch! (United, Shared, Lean and Mean)

Abstract

International studies have shown that information security for process control systems, including SCADA, is weak. As many critical infrastructure (CI) services depend on process control systems, any vulnerability in the protection of process control systems in CI may result in serious consequences for the safety of our citizens and the security of our society, economy and ecology.

Various critical sectors in The Netherlands like drinking water, energy, multinationals have identified process control security as an important theme to jointly address in the Dutch National Infrastructure against Cybercrime (NICC). A set of activities were started, such as sector-wide benchmarks, awareness raising, development of good practices, sharing of incident information, developing an acquisition standard, and red-blue team training. Mid of 2010, the Dutch Process Control Security Roadmap project took off which comprises a coordinated set of actions to raise the security barriers in the domain where information technology touches the physical world. Rather than re-inventing wheels, the Dutch approach is lean and mean trying to improve and integrate existing efforts and advancements using a united effort by for instance chief information officers, process control users, manufacturers, system integrators, EDP-auditors, education, and R&D. The results are shared with all the participants in order to reach an improved and high level of protection at the short, medium and the long time. Results are shared as well with other nations, international information exchanges and vendors aiming international acceptance and a next, shared improvement cycle.

The keynote session will highlight the approaches and show some of the results.