NIST announces the release of draft SP 800-82, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security. SP 800-82 provides guidance for establishing secure industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as skid-mounted Programmable Logic Controllers (PLC). ICSs are typically used in industries such as electric, water, oil and gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (automotive, aerospace, and durable goods). The document provides an overview of ICSs and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks. NIST requests comments on SP 800-82 by December 22, 2006. Please submit comments to 800-82comments@nist.gov with "Comments SP800-82" in the subject line.
