SCADA system cyber security — A comparison of standards

Cyber security of Supervisory Control And Data Acquisition (SCADA) systems has become very important. SCADA systems are vital for operation and control of critical infrastructures, such as the electrical power system. Therefore, a number of standards and guidelines have been developed to support electric power utilities in their Cyber security efforts. This paper compares different SCADA Cyber security standards and guidelines with respect to threats and countermeasures they describe. Also, a comparison with the international standard ISO/IEC 17799 (now ISO/IEC 27002) is made. The method used is based on a comparison of use of certain key issues in the standards, after being grouped into different categories. The occurrences of the key issues are counted and comparisons are made. It is concluded that SCADA specific standards are more focused on technical countermeasures, such as firewalls and intrusion detection, whereas ISO/IEC 17799 is more focused on organizational countermeasures.