ERE Information Security Auditors

SCADA Security and SCADA Audits

Network security and Internet security for SCADA apply to water, electrical, and gas utilities and to oil pipelines and refineries. SCADA real-time monitoring and management is used in similar ways across these disparate industries:

  • Water – chemical and biological safety
  • Electricity – state of flow and safety of electricity
  • Gas – state of flow and safety of gas
  • Oil – state of flow and safety of oil

Advanced metering infrastructure (AMI), sometimes referred to as smart metering, imposes yet another security burden on the networks of electrical utilities, particularly where the smart metering has connectivity to their SCADA networks.


NERC CIP

While the SCADA audits focus primarily on SCADA security, ERE also looks at security risks introduced by the interconnection with the corporate network.

The most formal IT security standard for SCADA security is CIP 2–9, created by the North American Electric Reliability Corporation (NERC). The ERE SCADA security audit is based upon the NERC CIP 02-09 standards.

ERE Differentiators

  • CIP standards and SCADA – ERE SCADA security audits follow the NERC CIP standards and cross-index SCADA security risks with the CIP standards.
  • ERE provides both point-in-time SCADA audits and 7/24 SCADA security monitoring through our 7/24 NERC CIP compliance monitoring service.
  • NERC CIP documentation creation – ERE writes SCADA security policies, standard operating procedures, and NERC CIP documentation.
  • ERE fulfills the unique requirements for DRP, BCP, security event response plans, and cyber attack response plans, as required by CIP standards and SCADA.

 

 
Additional Resources

 

Regulation 169 Drinking Water Quality Standards
Regulation 170 Drinking Water Systems
Regulation 248 Drinking Water Testing Services

Ontario Ministry of the Environment -
http://www.e-laws.gov.on.ca/Browse?queryText=dDocName+%3Cmatches%3E+%60ELAWS_STATUTES_*_e%60+%3CAND%3E+%28xRegUnderAct+%3Cstarts%3E+%60S%60%29&resultCount=200&sortField=

Water Infrastructure Security Enhancements (Wise)
American Water Works Association -
http://www.awwa.org/Resources/Content.cfm?ItemNumber=29824&navItemNumber=29837
Water Sector Coordinating Council Cyber Security Working Group sponsored by AWWA and Homeland Security -
http://www.awwa.org/Resources/Content.cfm?ItemNumber=29824&navItemNumber=29837

NIST
Publication 800-82 (Draft) - Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security -
http://csrc.nist.gov/publications/PubsDrafts.html

 

Contact Us

905 764 3246

 
 
   
Please see Ron Lepofsky’s book, The Manager’s Guide to Web Application Security, published by Apress Media

http://www.apress.com/9781484201497

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

 
Copyrights © 2007-2008. All rights reserved.  
