Water Sector Roadmap

From SCADApedia

The Roadmap to Secure Control Systems in the Water Sector was developed by a group of thirty water system asset owners in the Water Sector Coordinating Council Cyber Security Working Group. Funding for the effort was provided by the Department of Homeland Security and American Water Works Association. This roadmap outlines plans to create control systems and networks resilient to cyber incidents in the drinking and waste water segments by 2018. This document is similar to the Energy Sector Roadmap developed under an industry / government effort.

Contents 1 Vision 2 Goals 3 Implementation Process 4 External Links

Vision

"In 10 years, industrial control systems for critical applications will be designed, installed and maintained to operate with no loss of critical function during and after a cyber event."

Goals

The roadmap is composed of four goals and near, mid and long term milestones for each goal. The roadmap refers to near-term as 1 year, mid-term as 1-3 years and long term as 3-10 years and is summarized on page 23.

1. Develop and Deploy Industrial Control System (ICS) Security Programs - Many near term milestones including "integrate security as a key goal in every project plan" and "80%" of water sector executives recognize ICS security is mission critical". Mid-term milestones include developing and conducting awareness plans. Long-term milestones focus on sustaining the sector roadmap.
2. Assess Risk - Developing risk assessment methodology and metrics for the water system are a near term milestone, followed by sector-wide training in the mid-term, and implementation and use of the metrics in the long term.
3. Develop and Implement Risk Mitigation Measures - The milestones for this goal cover a wide range of activities. For example, the near-term milestones include vendors increasing security features by 50%, replacing default passwords, a recommended practice working group, cyber response template, ... In the mid-term the reducing the time to patch by 50% for "Frameware" and 99.9% for Applications. In the long-term ICS are self-defending and ICS security certifications are in place for operators.
4. Partnership and Outreach - Government incentives for cyber security and awareness activities are near-term milestones. In the mid-term communication channels with the public are in place to increase confidence. The long term has life cycle investment plans, Government support for threat monitoring and effective sector wide threat communication of threat information.
   

Implementation Process

A detailed implementation plan is described on pages 36 & 37 of the document.

External Links

Complete Water Sector Roadmap Document