- Posted by fedco
- On April 5, 2016
- SCADA ICS Security, scada security, scada security consultant
The term “SCADA ICS Security” is the term that can be understood by more people compare to use ICS term only. But the term ICS which stand for Industrial Control System actually it is the common term from technical perspective to cover SCADA as one of its subset.
For simplify, the term ICS consist of at least six (6) system entities, there are:
- Distributed Control System (DCS)
- Safety Instrumentation System (SIS)
- Supervisory Control and Data Acquisition (SCADA)
- Programmable Logic Controller (PLC)
- Advanced Process Control (APC)
- Flow Computer
So the term ICS security actually it should cover those six (6) elements as its integrated coverage. The term of SCADA ICS security usually being used to avoid misunderstanding to the common audience where they never know in detail what is ICS in specific meaning, only people that have some extensive experience in Instrument Control engineering in critical infrastructure industry such as energy industry that may have more sense regarding what is ICS in specific meaning.
Being an SCADA ICS security consultant it means this professional should understanding the engineering aspects of each elements under the ICS environment. On top of that, the cyber security knowledge and skills should be present to create integrated capability to cover the SCADA ICS security assurance.
Some people may see SCADA ICS security is only an expansion of traditional IT security, by adding some field devices and control stations into its coverage. This mislead understanding will lead to improper SCADA ICS security assurance development and deployment, e.g. performing vulnerability assessment and penetration testing as far as IT security does will bring some unknown risk exposure with safety as its ultimate risk.
The standard way to become an SCADA ICS security consultant is by experience that being built in the ICS environment itself, including planning, strategizing, developing, maintaining, auditing, sustainability activities in day to day approach to ensure the SCADA ICS security assurance.
As closing statement on this posting, the SCADA ICS security is not copy cat of IT security, there are some things that we can and can not do in SCADA ICS environment. Risk based activities is the soul if we want to do some activities in SCADA ICS because it has the safety risk explosure as the ultimare risk level. Ensure the safety operations in all activities that related to SCADA ICS security assurance, and do not breach the barricade without knowing exactly what we will do in term of SCADA ICS security implementation.