Control Systems Security Program (CSSP)
Information Products
- Configuring and Managing Remote Access for Industrial Control Systems
Centre for the Protection of National Infrastructure (CPNI), Control Systems Security Program (CSSP). This paper examines control system network architectures and explores good practice on remote access. Length is 67 pages. April 2011.
- 21 Steps to Improve Cyber Security of SCADA Networks
Office of Energy Assurance, Office of Independent Oversight and Performance Assurance, U.S. Department of Energy. If you prefer a list of cybersecurity improvements, then read this short, 10-page document.
- Study of Security Attributes of Smart Grid Systems - Current Cyber Security Issues
U.S. Department of Energy Office of Electricity Delivery and Energy Reliability, National SCADA Test Bed (NSTB). This report introduces Smart Grid architecture and identifies cybersecurity concerns with current and past implementations. Length is 39 pages. April 2009.
- Good Practice Guide - Process Control and SCADA Security
The Centre for the Protection of National Infrastructure (CPNI) produced this document that provides good practice guidelines for process control and SCADA systems. Length is 26 pages.
- CPNI SCADA Documents and Website
Nine Process Control and SCADA Security documents are available for download at the Centre for the Protection of National Infrastructure (CPNI) website.
- Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program
Idaho National Laboratory (INL) National SCADA Test Bed (NSTB). This paper examines common cyber vulnerabilities found in electric power SCADA systems and explains how to mitigate them. Length is 55 pages. November 2008.
- Critical Infrastructure Protection -
Challenges and Efforts to Secure Control Systems
U.S. General Accounting Office (GAO). This information-packed report to Congress recommends improvement of control system security and explores the current trends and threats to these systems. Length is 74 pages. March 2004.
- Cyberspace Policy Review - Assuring a Trusted and Resilient Information and Communications Infrastructure
President Obama ordered a comprehensive review of cybersecurity strategy, policy, and standards as a starting point for developing broad goals to protect cyberspace communication infrastructure. Length is 76 pages. May 2009.
- Cyber Storm Exercise Report
Department of Homeland Security National Cyber Security Division. A mock cyber attack scenario on multiple government and private entities is described in this report, and significant findings of the exercise are reported. Length is 21 pages.
July 2009.
- EPA Needs to Determine What Barriers Prevent Water Systems from Securing Known Supervisory Control and Data Acquisition (SCADA) Vulnerabilities
United States Environmental Protection Agency, Office of Inspector General
Final Briefing Report - 2005-P-00002. This report identifies well-known system vulnerabilities found in SCADA networks and then explores why water asset owners are slow to implement cybersecurity protection. Length is 44 pages. January 6, 2005.
- Lessons Learned From Cyber Security Assessments of SCADA and Energy Management Systems
U.S. Department of Energy Office of Electricity Delivery and Energy Reliability, National SCADA Test Bed (NSTB). This document represents a survey and classification of vulnerabilities found in actual testbed SCADA systems and presents the necessary steps to mitigate their impact. Length is 29 pages. September 2006.
- National Infrastructure Protection Plan - Partnering to Enhance Protection and Resiliency
A plan for protecting critical infrastructure and key resources of the United States is the subject of this document. Length is 188 pages. 2009.
- North American Electric Reliability Council (NERC) Reliability Standards
The Critical Infrastructure Protection (CIP) tab on the NERC web page contains NERC standards for cybersecurity that can be applied to other industries as well.
- Process Control Systems in the Chemical Industry: Safety vs. Security
Idaho National Laboratory. This short, eight-page document makes the case for cybersecurity in the chemical industry. April 2005.
- Roadmap to Secure Control Systems in the Chemical Sector
Prepared by Chemical Sector Roadmap Working Group, sponsored by the U.S. Department of Homeland Security and the Chemical Sector Coordinating Council. This Chemical Sector working group has developed five goals along with milestones to implementing a cybersecurity strategy. Length is 76 pages. September 2009.
- Strategy for Securing Control Systems - Coordinating and Guiding Federal, State and Private Sector Initiatives
Department of Homeland Security (DHS) National Cyber Security Division. This DHS document develops and describes a strategy to protect the United States' critical infrastructure and key resources. Length is 128 pages. October 2009.
- Top 10 Vulnerabilities of Control Systems and Their Associated Mitigations, 2007
North American Electric Reliability Council Control Systems Security Working Group and U.S. Department of Energy National SCADA Test Bed Program. This short, eight-page document lists 10 top vulnerabilities found in control systems and offers a graded approach to mitigating them. December 7, 2006.
- Wireless Procurement Language in Support of Advanced Metering Infrastructure Security
U.S. Department of Energy Office of Electricity Delivery and Energy Reliability, National SCADA Test Bed. This document explains procurement language specifications for procuring wireless products integrated in advanced metering infrastructure. Length is 38 pages. August 2009.