isa99 - security standards in water treatment...
TRANSCRIPT
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
ISA99 - Security Standards in water treatment plants
Marcelo Teixeira de Azevedo1*, Alaide Barbosa Martins
2*, and Sergio Takeo Kofuji
1
1Polytechnic School of the University of Sao Paulo, POLI-USP, São Paulo, SP, Brazil
2Odebrecht Ambiental – Foz do Brasil, Av. Jorge Amado, S/N, Jaguaribe, Salvador-Bahia
KEYWORDS
SCADA, Security, ISA Standards, Industrial networks, ISA99
ABSTRACT
Currently, information security is a constant concern for many institutions and countries that use
computer resources for communication and to deliver services. Protective measures and countermeasures
for traditional networks, such as firewalls and intrusion detectors, are well-known and widely used. For
Supervisory Control and Data Acquisition (SCADA) systems, the situation is no different. In the early days,
such systems were based on mainframes and closed-architecture platforms; in other words, they were
dependent on manufacturers and consequently isolated from other systems. These days, SCADA systems
are converging more and more onto open-system platforms, with architectures heavily reliant on
connectivity; accordingly, interconnection between such systems and the corporate network, and in some
cases, the internet itself, is more common. Taking this issue into account, and based on current
technological development in the information security area, this research proposes a methodology to
implement automation systems in water treatment plants, with an emphasis on security, and a focus on
industrial systems that employ the ISA99 automation safety standards. In summary, the purpose of this
essay is to study the safety rules, methods and methodologies for industrial systems, using the water
treatment process as a working example, and to propose a methodology to minimize inherent safety
hazards.
Introduction
Automated systems have been gaining in prominence over the last few decades and their implementation
has become more and more important in recent times. Among the ubiquitous technologies now available
in modern society, we can highlight electronic commerce, financial transactions over the internet, VPNs,
customer service websites and many other computerized systems that are now an intrinsic part of our
daily lives. The amount of information present in modern society, on which, to one degree or another, we
depend more and more, has evolved exponentially and defense methods and security practices have
become necessary and should be studied in order to ensure greater protection of sensitive information
that, if attacked, could have a substantial negative impact on modern society, countries and concerned
groups. Such attacks could result in great damage, including disruption of services regarded as critical to
the functioning of society, such as:
Azevedo, Martins, Kofuji 2
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
� Distribution of electric energy, water and natural gas;
� Petrochemical production;
� Nuclear facilities;
� Air and land traffic control systems.
For countries, any disruption of basic services, such as air and urban traffic control systems, road signage,
water management, electricity and gas utilities, to name a few, could create widespread damage and even
a breakdown of social order. In the economic sphere, a disruption to critical systems, such as those
provided by financial institutions, banks and government entities could potentially isolate a country.
In companies operating in many different segments, information security practices have been studied and
implemented in order to minimize apparent risks, however this digital universe is subject to many different
types of attack, both physical and virtual, which can compromise systems in general as well as the people
connected to them. Practices adopted can help to mitigate part of these security issues, and these must
encompass all resources: computers and infra-structure, as well as human resources (MARCIANO, 2006).
From the security standpoint, the human-computer relationship is an essential consideration, and, on the
whole, it makes an important contribution to the security of information. Therefore, information security
practices must take into account both technological and humanistic aspects so that the environment as a
whole can be administered securely (MARCIANO, 2006).
This study proposes that the context of information security be studied and adapted to its operational
environment, taking into account technical, scientific and humanistic aspects, which may vary from
company to company, or even from nation to nation. The industrial automation environment, in which
proprietary systems and dedicated technologies reigned supreme in the early days, consisted of closed
systems with no external connectivity (KRUTZ, 2006). Currently, industrial automation systems, especially
Supervisory Control and Data Acquisition (SCADA), are converging onto open systems and, in some cases,
they are connected to corporate networks or even the internet itself. The use of telecommunications
resources and current technological advances enable remote access, sharing, integration and
consequently, data processing at a distance, by means of these resources. Similarly, this necessity for
integration between different systems within a single company is implicit in the relationship with the other
systems, for the purposes of increased productivity and decision-making efficiency. However, this model of
integration and sharing can give rise to serious issues with regards to security, because the control
systems, as mentioned previously, used to be completely closed and isolated from the other systems
within a company; thus, within this new context, a new approach obviously needs to be considered.
Justification
In the undertaking of this research, a vast collection of references was discovered (articles, standards,
books, dissertations and theses) dealing with the subject of Information Security and Automation
Security. Despite this variety, it is not easy to find a basic methodology or even a set of consistent and
coherent directives to aid in the planning and implementation of an Information Security System for
Industrial Networks. With the aim of overcoming this deficiency, this study proposes a theoretical and
Azevedo, Martins, Kofuji 3
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
conceptual methodology to aid in the conception, creation and implementation of an information
security project based on the following norms:
• ISA99 Security Guidelines and User Resources for Industrial Automation and Control Systems,
3rd Edition
• ANSI/ISA-99.00.01-2007 - Security for Industrial Automation and Control Systems Part 1:
Terminology, Concepts, and Models
• ANSI/ISA-99.02.01-2009 - Security for Industrial Automation and Control Systems: Establishing
an Industrial Automation and Control Systems Security Program
• ANSI/ISA-TR99.00.01-2007 - Security Technologies for Industrial Automation and Control
Systems
• ANSI/ISA 99.00.03-2007 – Part 3: Operating an Industrial Automation and Control System
Security Program;
• ANSI/ISA 99.00.04-2007 – Part 4: Technical Security Requirements for Industrial Automation
and Control Systems.
Recent studies discuss part of the security issue, although these are focused mainly on security
elements, such as firewalls, IDS and others. Furthermore, the industrial environment is, by definition, a
complex one, comprising of several different components, making further investigation into them all the
more important. Considering all these factors and the complexity of critical systems, the importance of a
study on the security of the industrial environment is justified. The use of a methodology in the area of
industrial automation that enables risks to be mitigated and operational alternatives to be managed and
proposed is one of the main points of motivation for this study.
MATERIAL AND METHODS
For this study, it was decided to look into the identifications of scenarios in a water treatment station.
Accordingly, a system that reflects the entire water treatment process was constructed, can be observed in
Figure 1. The water treatment process studied has the aim of ensuring the production of potable water,
based on Decree no.518 of the Ministry of Health and Resolution SS no. 65 of the State Health
Department.
Azevedo, Martins, Kofuji 4
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
Figure 1 – Water Treatment Station (WTS). Source: Foz do Brasil.
Scenarios
The following two typical scenarios used in the water treatment process were researched for this case
study:
� Capital Scenario
� Countryside Scenario
In these scenarios, security breaches can occur if the security policy is not suited to the environment,
which may then compromise the overall information within the system. These scenarios will be analyzed,
starting with a definition of the standards and by highlighting the differences with the implementation of
data security. Furthermore, in Figure 2, it is possible to visualize the layout of an architecture
recommended by the ISA 99 standard, which strongly emphasizes the security aspect. In the next chapter,
such scenarios will be analyzed through the ISA 99 standards, with the main purpose of evaluating the
issue of security.
Azevedo, Martins, Kofuji 5
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
Figure 2 – Scenario suggested by the ISA 99.
Methodology Adopted
The purpose of this item is to propose a methodology for the implementation of a water treatment plant
with a strong emphasis on information security, based on studies and the analysis of three other
methodologies: FMEA, FTA and SPA.
Note that his methodology will probably not be able to completely fulfill the requirements of a given
organization; however, it can serve as an initial reference for the implementation process of a certain
enterprise. The methodology described here follows the recommendations of the ISA 99 and other
standards mentioned previously. The implementation of the proposed system is based on the principle of
standardization and documentation of procedures, tools and techniques used, as well as the creation of
indicators, records and a complete educational process of awareness (MARTINS; SANTOS, 2005). The
stages that make up the process are presented in figure 3.
Azevedo, Martins, Kofuji 6
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
Figure 3 – Stages for implementation. Source: Martins and Santos (2005).
Step 1: The Establishment of an Information Security Policy
The construction of a security policy for an organization must be based on the standards and norms. This is
because security policy is a document that must describe the security recommendations, rules,
responsibilities and practices, in accordance with the specifications and necessities of the enterprise.
Accordingly, the elaboration of a security policy is a complex task that requires constant review and
alterations.
Step 2: Definition of the Scope
In order to define the scope, it must be determined which company assets are to be governed by the
security policy, including: industrial equipment, systems, communications structure, personnel, internal
Azevedo, Martins, Kofuji 7
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
and external network infrastructure and services. This step will produce the following results: a map of the
network perimeter, inventory and classification of assets.
Step 3: Risk Analysis
In this step, a security analysis for the previously defined scope is carried out; in other words, through the
identification of the information assets involved and the mapping of all threats pertaining to these. The
level of risk involved must be ascertained for each threat. After an analysis of the risks, those which are
deemed acceptable and unacceptable are defined.
Step 4: Management of Areas of Risk
This step is a continual process, which does not end with the implementation of a security measure.
Constant monitoring itself becomes a resource with which it is possible to identify the effectiveness of the
application of the measure and also for the execution of reviews and adjustments. In this stage, the impact
that a certain risk may cause on the business is estimated. Thus, it is necessary to identify the most critical
assets and vulnerabilities, in order to enable the optimization of efforts and expenditures with regards to
security. Once the risks have been identified and the organization has defined which ones are to be dealt
with, the security measures should finally be implemented.
Step 5: Selection of the Controls and Declaration of Applicability
Controls must be selected and put into practice to ensure that the risks be reduced to a level that they do
not cause problems for the enterprise. This must occur after the identification of the requirements.
Step 6: Implementing Controls
The processes for the implementation of countermeasures and security directives take place throughout
the implementation phase of the methodology. Then, a monitoring process for all the controls
implemented must be put into place and, accordingly, specific indicators must be produced that enable
the working conditions and performance of the analyzed environment to be visualized. The
implementation of the controls selected may involve the acquisition of software and/or hardware
technology (additional costs), but, in some cases, this implementation only results in the creation of
internal standards and norms that must be followed (MARTINS; SANTOS, 2005).
Step 7: Auditing the System
The main purpose of system audits is to check whether the following conditions occur satisfactorily, based
on clear evidence (MARTINS; SANTOS, 2005):
a. that operational procedures and instructions are adequate and effective;
b. that the different sectors of the enterprise have been operating in accordance with the
standards;
c. that the subsidies supplied are sufficient for the creation of periodic critical analysis
reports.
Azevedo, Martins, Kofuji 8
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
Characterization
In this item, the scenarios described in chapter 3 were submitted for evaluation of the security index based
on the ISA 99 control spreadsheet, and by using the GUT methodology. Finally, recommendations for
improvement were suggested.
Step 1: None of the scenarios presented provided a clear and objective security policy. Concern with the
level of security, i.e., the use of security techniques and equipment, was the responsibility of the
professional in charge of plant automation. Thus, an action plan for the implementation of an information
security policy needed to be structured. It is important to emphasize that the creation of a security policy
should not be dealt with in an isolated manner. It should be presented to all employees and a process of
awareness is necessary to ensure that the principles of this policy are followed by all the users within the
enterprise.
Step 2: A survey of the assets involved is necessary in order to define the scope. A cost-benefit analysis is
very important for the definition of the scope for the implementation of controls, since the broader the
scope, the greater the complexity and, consequently, the greater the investment. The assets survey was
carried out manually, generating the scenarios described in chapter 3.
Step 3: In order to carry out the study of security priorities, the GUT methodology was used, which has the
purpose of evaluating each factor, taking into consideration criteria of gravity, urgency and tendencies.
The parameters and the respective values associated to each aspect are featured in Table 1.
Table 1 – GUT methodology parameters.
VALUE GRAVITY URGENCY TENDENCY
1 No gravity No hurry Will not get worse
2 Not very serious Can wait a little Will get worse in the long term
3 Serious As soon as possible Will get worse in the medium
term
4 Very serious Urgent Will get worse in little time
5 Extremely serious Immediate action required Will get worse quickly
The item “Gravity” concerns the impact caused to the water treatment station for the supply of potable
water, whilst “Urgency” is linked to the time required to reduce or solve the problem and “Tendency” is
associated to future impacts, in the event that no action is taken to solve the problem. Accordingly, wide-
ranging research was carried out with regards to points of criticality that could affect security in water
treatment plants. These items can be observed in Table 2.
Azevedo, Martins, Kofuji 9
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
Table 2 – Items of criticality.
ITEM G U T. TOTAL
Firewall 5 5 5 125
Firewall with redundancy 3 4 3 26
Equipment with authentication 5 5 4 100
Cryptography 3 3 3 27
Strong cryptography 2 2 2 8
IDS 5 4 3 60
Updated equipment 5 5 5 125
Virtual Private Network 4 3 2 24
Monitoring 2 4 4 32
Control of physical access 4 5 5 100
Periodic updates 3 3 3 27
Virtual Local Network 5 3 3 45
In Graph 1, it is possible to observe the graphic representation of items of criticality, considering that the
most critical items are: lack of firewall, out-of-date equipment and physical access control.
Graph 1 – Items of criticality. Source: The author.
Azevedo, Martins, Kofuji 10
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
Step 4: The controls necessary to protect assets must be defined after analysis of the risk, in such a
manner that the identification process of the risks and implementation of controls must be continuously
executed. With the study carried out in the previous step, it is possible to measure the impact that a
certain risk may cause and, thus, it was possible to implement controls only in the most critical situations,
because it is very difficult to offer total protection against all existing threats.
Step 5: In this step, from the controls presented by ISA 99, those applicable to the organization were
selected. The control spreadsheet referenced in Chart 2 was created based on the ISA 99 standards, where
recommendations of the ISA 99 are dealt with. It can be observed that the technology suggested by the
security standard is described, and the associated vulnerabilities, deficiencies and recommendations are
displayed.
Chart 2 – ISA 99 recommendations.
TECHNOLOGY DESCRIPTION VULNERABILITIES
CORRECTED DEFICIENCIES RECOMMENDATIONS
Virtual Networks
(Vlan)
Segregation of
physical networks and
logical networks
Segregation of
traffic
Spoof Mac
Spanning tree protocols
VLAN Hopping
Periodic updates of the version;
Segregation of the corporate network
and the industrial network.
Network Firewalls Mechanism used for
traffic control
Protection of
network traffic that
passes through the
device
Necessity to work in
conjunction with intrusion
detectors;
Large quantity of logs;
Professionals trained for daily
operations.
Segmentation of the networks into
zones;
Creation of DMZ for internet traffic.
Virtual Private
Network (VPN)
Remote access with
cryptography
Controlled access to
networks via
authentication
Access from anywhere
(internet) to the corporate
network
Strong method of authentication
Utilities of the
auditing log Supporting log tool
Authentication and
utilization check
Extensive documentation and
backup
Strategic planning in conjunction with
other areas
Biometric
Authentication
Biometric
authentication
Strong
authentication Not extensively used
Occasional use in restricted
equipment
Authentication and
Authorization
Technology
Permission and levels
of access
Controlled access to
networks via
authentication
Necessity to synchronize all
assets in the environment
Authentication/authorization method
centered in the network
Cryptography Encrypting and
decrypting process
Cryptography in
clear text traffic
A cryptography method that
all equipment supports should
be used
Use of cryptography in all internal and
external communication
Intrusion Detectors
Utility for the
detection of
events not permitted
on the network
Identification of
malicious traffic
Requires signature updates
and excess of false-positives Use in segments
Physical Control Restricted access to
field equipment
Only authorized
personnel can
handle
and undertake
physical alterations
If not used with a biometric
method, it could prove to be
ineffective
Controlled access
Azevedo, Martins, Kofuji 11
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
Step 6: After implementation of the controls, a monitoring mechanism is required to avoid unnecessary
occurrences. The implementation of control may be carried out by monitoring software programs and
issuing periodic reports.
Step 7: The auditors must check that the security conditions of the information have been implemented
and documented correctly and according to the definitions of the security policy. The ISA 99 standards do
not deal with auditing, but a mechanism for the detection of non-conformities and preventative actions is
necessary so that any deviances identified do not occur again. Accordingly, periodic execution of internal
auditing in additional to external auditing is necessary for a more precise verification that the defined
security policy is being followed correctly. In addition, an auxiliary mechanism for the detection of events
based on the behavior of the water treatment station is described in the next item, and this can be used
additionally in the auditing.
For the creation of a criticality index, the GUT methodology table was considered in conjunction with the
recommendations of the ISA 99, which resulted in Table 5.
Table 3 – Criticality Index.
SCORING SITUATION INDEX
100-125 Extremely serious 4
75-100 Very serious 3
50-75 Serious 2
25-50 Not very serious 1
0-25 No gravity 0
With the creation of this index in conjunction with the definitions of the aforementioned stages, the
scenarios were submitted to evaluation. The values defined by the GUT methodology in conjunction with
the criticality index, were transported to the criticality column, which resulted in the value 22. This value is
considered to be a secure index, according to the definitions and security policies of the enterprise. All the
sanitation plants subject to this methodology must get close to this value to be considered secure. The
situation column is the existence, or otherwise, of such technology; existence is represented by the
number 1 and inexistence by the number 0. In the event of inexistence of the technology, the value
attributed to criticality will be subtracted, and the formula below will be responsible for the final value.
Value = (Sum of Criticality – (Value of the Criticality if the Situation =0))
SCENARIO 1 – CAPITAL
For the first scenario, denominated Scenario 1 - Capital, the Plant is considered secure, but only the IDS
was not present in the Plant of the enterprise, as illustrated in Table 6. However, the value of this item was
Azevedo, Martins, Kofuji 12
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
not considered a priority for the definition of the security policy of the enterprise and accordingly, it did
not affect the security index. But as an additional measure, the acquisition of an intrusion detector is highly
recommended, as well as the execution of its strategic positioning in order to visualize internal and
external traffic.
Table 4 – Capital Plant Index.
TECHNOLOGY CRITICALITY SITUATION
Firewall 4 1
Firewall with redundancy 1 1
Equipment with authentication 4 1
Cryptography 1 1
Strong cryptography 0 1
IDS 2 0
Updated equipment 4 1
Virtual Private Network 0 1
Monitoring 1 1
Control of physical access 3 1
Periodic updates 1 1
Virtual Local Network 1 1
Total 22 20
SCENARIO 2 – COUNTRYSIDE
In the second scenario, called Countryside, the sanitation Plant proved not to be secure, especially in the
most remote plant, normally also less automated, which in some instances does not have firewall, VPN
and VLAN. Therefore the execution of a more specific analysis in the Countryside sanitation plant is highly
recommended, in order for the security technologies described in the ISA 99 standards to be adopted and
used in the best manner possible. Furthermore, the sanitation plant denominated Capital, could be used as
a reference for the implementation of the technologies. In Table 7, it is possible to observe the items not
included in the Plant.
Azevedo, Martins, Kofuji 13
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
Table 5 – Countryside Plant Index.
TECHNOLOGY CRITICALITY SITUATION
Firewall 4 0
Firewall with redundancy 1 0
Equipment with authentication 4 0
Cryptography 1 1
Strong cryptography 0 0
IDS 2 0
Updated equipment 4 1
Virtual Private Network 0 0
Monitoring 1 1
Control of physical access 3 1
Periodic updates 1 1
Virtual Local Network 1 0
Total 22 10
CONCLUSIONS
For the execution of this study, research was carried out using up-to-date bibliographic references,
covering the most varied of subjects from the information security area, with emphasis on industrial
systems and industrial networks, as well as research pertaining to information security in the global
context.
Firstly, it is important to emphasize that to prepare a methodology for the secure implementation of a
water treatment plant is a complex task, both from the technical and managerial standpoint. In this
perspective, an approach and a definition are proposed by means of a secure implementation
methodology, based on the necessities of the corporation.
The ISA 99 set of security standards provides guidelines for security and managerial elements, with the
main objective of obtaining conformity for all security elements, including both basic and strategic
concepts, however it does not cover practices, procedures and rules for the application or execution of a
secure method of implementation. Accordingly, this study offers a resolution for this deficiency through
the proposal of a secure implementation methodology for water treatment plants, which can be adapted,
with modifications, to other types of equally critical industrial systems.
Azevedo, Martins, Kofuji 14
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
The execution of the stages of this study has contributed to the knowledge of the behavior of a water
treatment station, with the definitions of the flow chart and all the stages that make up the cycle. The
characterization process has enabled knowledge to be gained on industrial equipment and the system to
execute the data control and acquisition, as well as the protocols used.
The development of a system to characterize the stages of water treatment has enabled the behavior and
the impacts on the interaction between equipment in an industrial plant to be ascertained. The
experiments carried out to ascertain the detection of critical events have proven to be adaptable to the
environment and they are equally linked to the stages and the knowledge of the entire flow and the
criticality of the process. The events considered critical were detected as expected, according to the
business of the enterprise; however, a real approach and the use of some artificial intelligence techniques
are necessary.
There is in planning private company which mostly started the management of water treatment plants,
greater investment and attention to automation processes safely for plants that are still vulnerable, usually
remains this same concern is not observed in public management.
Finally, the use of security techniques in conjunction with the ISA 99 standards in this study may create
benefits with regards to system security, and these may also be extended in adaptations to other equally
critical environments, such as: the power grid, nuclear plants and the petrochemical industry, among
others.
References
ISA99 Security Guidelines and User Resources for Industrial Automation and Control Systems, 3rd Edition.
MARCIANO, J. L. P. Segurança da Informação : uma abordagem social. 2006. 212 p. Tese (Doutorado em Ciências da Informação) – Universidade de Brasília, Brasília, 2006.
KRUTZ, R. L. Securing Scada Systems . Indianapolis: Wiley Publishing, Inc., 2006.
MARTINS, A. B.; SANTOS, C. A. S. Metodologia para implantação do sistema de gestão da segurança da informação. Revista de Gestão da Tecnologia e Sistemas de Infor mação , v. 2, n. 2, p. 121-136, 2005.
TORRES, J. M. Analyzing risk and uncertainty for improving water distribution system security from malevolent water supply contamination events . 2008. Thesis (Master’s) – Office of Graduate Studies of Texas A&M University, Texas, 2008.
WILES, J. et al. Techno security's guide to securing SCADA : a comprehensive handbook on protecting the critical infrastructure. Burlington: Syngress, 2008.
HAMOUD, G.; CHEN, R.-L.; BRADLEY, I. Risk Assessment of Power Systems SCADA. In: Power Engineering Society General Meeting, 2003, Toronto, Canadá. Proceeding… Toronto, Canadá: IEE, 2003. 4 v.
List of Acronyms:
ANSI .................. American National Standards Institute
ASCE ................. American Society of Civil Engineers
AWWA .............. American Water Works Association
BS ..................... British Standard
Azevedo, Martins, Kofuji 15
Presented at the 2013 ISA Water/Wastewater and Automatic Controls Symposium
Crowne Plaza Orlando-Universal Hotel, Orlando, Florida, USA – Aug 6-8, 2013 – www.isawwsymposium.com
DFMEA ............. Design Failure Modes and Effects Analysis
DOS................... Denial of Service
WTS .................. Water Treatment Station
FMEA ................ Failure Modes and Effects Analysis
FTA ................... Fault Tree Analysis
HAZOP .............. Hazard and Operability Studies
HIDS .................. Host-Based Intrusion Detection
HMI .................. Human Machine Interface
IDS .................... Intrusion Detection System
IEC ................... International Electrotechnical Commission
IPS..................... Intrusion Prevention System
ISA .................... International Society of Automation
ISO ................... International Organization for Standardization
----
Marcelo Azevedo, MSc has worked for several large companies, including: EDS, IBM and AT&T.
Currently teaches computer network at Politec, in Brazil and is PhD. Student in Electric Engineering from
USP.
Alaíde Martins, MSc has worked for long time in several large companies of Water/Wastewater.
Currently is director of operations of a sewage treatment company at Odebrecht Ambiental, in Brazil
and is PhD. Student in Electric Engineering from USP.
Sergio Takeo, PhD is a teacher at Universidade de São Paulo. He has experience in Electrical Engineering
and Computer Science, with an emphasis on Advanced Computer Architectures.