News Stay informed about the latest enterprise technology news and product updates.

DHS to prod industry on SCADA security

The Department of Homeland Security is ready to roll out an effort to convince about 565 facilities in the U.S. using process control systems to address their computer security gaps.

The Department of Homeland Security (DHS) is ready to roll out an effort to convince about 565 facilities in the...

U.S. with process control systems to address their computer security gaps.

Leading the campaign will be James McDonnell, director of protective security division (PSD), Information Analysis and Infrastructure Protection Directorate (AIPD), at DHS. "It is incumbent upon IAIP to ensure that those responsible for protecting America are doing something about it," McDonnell said.

Companies have been slow to undertake SCADA revamping efforts on their own. Robert Dacey, director of information security issues at the U.S. General Accounting Office, released the GAO's newest report on SCADA vulnerabilities at hearings of the Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census on March 30. The report said, "Until industry users of control systems have a business case to justify why additional security is needed, there may be little market incentive for the private sector to develop and implement more secure control systems."

Aside from the apparent absence of a "business case," Dacey said that the tension between IT security personnel on one hand, and control system engineers on the other was responsible for corporate stasis. That was echoed by Joseph Weiss, an executive consultant with Burlington, Mass.-based KEMA Inc. "There is often animosity between IT and operations," he said. "As a point of illustration of this dichotomy, a two-level security solution that IT often proposes includes the requirement to add an additional password login function. This requirement might prevent a substation or power plant engineer from addressing a real-time outage or incident while attempting to get past a password lockout."

The GAO's Dacey repeated a recommendation from earlier reports: that the federal government provide appropriate incentives. "Without appropriate consideration of public policy tools, such as regulation, grants, and tax incentives, private-sector participation in sector-related CIP [critical infrastructure protection] efforts may not reach full potential," Dacey said.

Dig Deeper on Information security policies, procedures and guidelines



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.







  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...