National Technical Reports Library

The National Technical Information Service acquires, indexes, abstracts, and archives the largest collection of U.S. government-sponsored technical reports in existence. The NTRL offers online, free and open access to these authenticated government technical reports. Technical reports and documents in its repository may be available online for free either from the issuing federal agency, the U.S. Government Publishing Office’s Federal Digital System website, or through search engines.

Details

Lessons Learned From Cyber Security Assessments of SCADA And Energy Management Systems.

DE2007911724

Publication Date	2006
Personal Author	Fink, R. K.; Spencer, D. F.; Wells, R. A.
Page Count	29
Abstract	The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.
Keywords	Assessments Vulnerability Energy management systems Control systems Information security Cyber security SCADA(Supervisory Control and Data Acquisition)
Source Agency	Technical Information Center Oak Ridge Tennessee
Corporate Authors	Idaho National Lab., Idaho Falls.; Department of Energy, Washington, DC.
Supplemental Notes	Sponsored by Department of Energy, Washington, DC.
Document Type	Technical Report
NTIS Issue Number	200802

Lessons Learned From Cyber Security Assessments of SCADA And Energy Management Systems.

Lessons Learned From Cyber Security Assessments of SCADA And Energy Management Systems.
DE2007911724

Publication Date	2006
Personal Author	Fink, R. K.; Spencer, D. F.; Wells, R. A.
Page Count	29
Abstract	The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.
Keywords	Assessments Vulnerability Energy management systems Control systems Information security Cyber security SCADA(Supervisory Control and Data Acquisition)
Source Agency	Technical Information Center Oak Ridge Tennessee
Corporate Authors	Idaho National Lab., Idaho Falls.; Department of Energy, Washington, DC.
Supplemental Notes	Sponsored by Department of Energy, Washington, DC.
Document Type	Technical Report
NTIS Issue Number	200802