NIST Director urges better security for critical industrial systems

In remarks on Oct. 20 to a workshop on critical infrastructure protection,* the director of the National Institute of Standards and Technology (NIST), Arden L. Bement Jr., called on industry to take immediate action to ensure the security of industrial control systems such as those used to manage the power grid. While the August blackout--the worst such event in the nation's history--was probably not the result of a deliberate act, Bement said, it did highlight the fragility of a critical part of the nation's infrastructure.

Bement's remarks were made at a National Science Foundation workshop in Minneapolis. He noted that there was a vital role for measurements and standards in improving the security of systems used in industry to monitor and control major, widely dispersed operations such as power generation and distribution systems, water and gas utilities, and large chemical plants and refineries.

Systems for handling Supervisory Control and Data Acquisition, or SCADA, are designed for performance and reliability. Response time is often a critical factor, which complicates the task of adding cryptographic modules and other security features. Bement cited on-going NIST work with a broad range of industry-led standards-development organizations to develop testbeds and guidelines for implementing SCADA security.

While much work on standards remains to be done, Bement said, there were many actions that could be taken immediately including creating basic security policies, closing system "back doors," and making better use of existing standards. Bement's prepared remarks are available at http://www.nist.gov/speeches/bement_102003.htm.

*Workshop on Critical Infrastructure Protection for SCADA (Supervisory Control and Data Acquisition) and IT, Minneapolis, Minn., Oct. 20-21, 2003.

---

---