Physical security for Industrial Control Systems/Supervisory Control and Data Acquisition systems (ICS/SCADA) is paramount for a proficiently-defended implementation of this technology. A vital element to a solid security plan for ICS/SCADA systems is physical security.
It is important to remember that ICS/SCADA are a sort of marriage between IT technologies and traditional, physical security; this makes physical security a bit more important for ICS/SCADA systems than traditional computer systems that rely mostly on cybersecurity and only minimally on physical security (beyond just keeping the server room locked, of course).
This article will provide a rundown of physical security for ICS/SCADA environments, including the importance of physical security for these systems, sources of regulatory guidance, goals of physical security and the important elements of the defense-in-depth solution to physical security.
Importance of physical security
Deploying physical security for ICS/SCADA systems is broad and needs to be situation-specific based on the industry, type of system and other factors. Physical security measures for these systems are intended to reduce the risk of loss or damage to the plant, its assets and the surrounding environment. These assets can include physical assets (plant equipment, tools, computers), intellectual property and proprietary data.
Sources of regulatory guidance
Regulatory guidance for ICS/SCADA physical security can be found in NIST SP 800-53 Physical and Environmental Protection (PE), available here. This document provides information pertaining to designated entry/exit points, transmission media, monitoring physical access, handling visitors and maintaining logs. This document also provides guidance for emergency situations, backup for lighting and power and environmental controls, including temperature and humidity.
Goals of physical security for ICS/SCADA
While physical security (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/jdgT8pBbNUg/