[SCADASEC] British/European Standards

Bob Radvanovsky rsradvan at unixworks.net
Tue May 27 09:44:21 CDT 2008 

If you take a closer look at the web site, you'll notice "Services" (which is really "Supply"), taking you down the page to here:
http://www.bsi.de/english/topics/kritis/critical_infrastructures.htm#Supply

The "Supply sector" is responsible for:

Supply

The supply sector covers a number of facilities which provide preventive protection of basic needs of the population (e.g. the supply of water and food) and provide reactive help, either directly or indirectly, in cases where there is a danger to health and life (e.g. health and emergency services). Even if this assistance can to a large extent also be provided without the use of IT, information technology still plays a critical role, above all in communications, organisation and operations control.
The supply infrastructure sector includes the following segments:

    * health care
    * emergency services
    * disaster control
    * the supply of food
    * the supply of water
    * waste disposal

The use of IT is particularly heavy in the following areas of the supply infrastructure sector:

    * command headquarters
    * (special) communications links
    * databases

Specifically in the field of healthcare, the following areas are dependent on IT:

    * hospital management
    * databases containing confidential patient information
    * technical control centres and control systems

I have had numerous discussions with folks overseas about "CIP", and everyone has their own definition of it.  Also, many countries have theirs, and then there's the EU's definition.  From a global perspective, and I'm not sure if you've noticed this or not, most countries have adopted the U.S.'s CIP model as their own, as has the "Five Crown Countries" (Great Britain, New Zealand, Australia, Canada, and the U.S.) have all adopted similar models of what is "CIP".  Europe has been lagging for several years.  The countries which have an active CIP program include: Norway, Sweden, The Netherlands, Germany, France (kinda, sorta), and Italy.  In Asia, Japan, Korea, and now China have adopted the U.S. CIP model.  For South America, Brazil and Argentina.  Believe it or not, I have heard nothing about our partner to the South (that being Mexico).

Last, but not least, and FOR THE RECORD, there are 13 sectors and 4 key resources, of which the "Dam Sector" isn't really a sector, but a key resource.  I've already had talks with DHS about this, and have requested clarification on their web site to identify it as a "key resource" and not a "sector".  A "sector" contains one or more industries; a "key resource" does not.  I can go on more about this, but I don't want to bore people with this stuff.  To me, it's fascinating; others might not find it as nearly as interesting as I do.  Then again, I do research in this arena...  ;)

-rad

----- Original Message -----
From: "Brodsky, Jake" [mailto:jBrodsk at wsscwater.com]
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] British/European Standards


> Stephan, 
> 
> I checked out the English links you mentioned.  I noticed that water
> resources are missing from the list, though Energy was there.  Is this on
> purpose?  
> 
> Jake Brodsky
> 
> -----Original Message-----
> From: scadasec-bounces at news.infracritical.com
> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Stephan Beirer
> Sent: Friday, May 23, 2008 7:53 AM
> To: scadasec at news.infracritical.com
> Subject: Re: [SCADASEC] British/European Standards
> 
> 
> Hi list,
> 
> 
> >I would support the idea that this is the correct forum to also discuss
> >European (including UK) perspectives on this topic.  I am UK-based, working
> >for an international consulting firm as the principal consultant on this
> >topic throughout EMEA (Europe, Middle East and Africa).
> >
> >Regarding the European SCADA test bed idea, I know that a number of
> >consortia have submitted proposals to the European Commission for funding,
> >but I'm not sure what the current status is.  Perhaps Eric or Henrik are
> >subscribers to this list and will respond with any further information that
> >they have.
> 
> 
> some information on the German CIP program can be found here
> http://www.bsi.de/fachthem/kritis/index.htm
> 
> here is the English version (less details)
> 
> http://www.bsi.de/english/topics/kritis/kritis_e.htm
> http://www.bsi.de/english/topics/kritis/ciip_en.pdf
> 
> 
> the German utilities industry association is expected to release 
> "recommemdations" (ie. not a 'standard') on technical aspects of 
> IT security in the near future. Since I'm bound by an NDA I can't 
> provide more information at the moment..
> 
> 
> regards,
> 
> stephan
> 
> 
>  -- 
> -------------------------------------------------------------------
> Dr. Stephan Beirer               E-Mail: s.beirer at gai-netconsult.de
> IT Security                      Phone:           +49-30-417898-230
> 
> GAI NetConsult GmbH - Am Borsigturm 58 - 13507 Berlin 
> Amtsgericht Charlottenburg HRB 52068 - USt.Id.Nr. DE 165533789
> Geschäftsführer: Wilfrid Kettler - Detlef Weidenhammer
> Telefon +49(30)417898-0 - Fax +49(30)417898-300 - Web: www.gai-netconsult.de
> 
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
> Informationen. 
> Sollten Sie nicht der vorgesehene Empfänger sein, informieren Sie bitte den
> Absender 
> und vernichten Sie anschließend diese E-Mail. Das unerlaubte Kopieren sowie
> die 
> unbefugte Weitergabe dieser E-Mail ist nicht gestattet. Aufgrund der
> leichten Manipulierbarkeit
> von E-Mails können wir keine Haftung für den Inhalt übernehmen.
> 
> 
> 
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
> 
> To review our privacy statement, please visit:
> http://www.infracritical.com/privacy.html
> 
> scadasec at news.infracritical.com
> http://news.infracritical.com/mailman/listinfo/scadasec
> 
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
> 
> To review our privacy statement, please visit:
> http://www.infracritical.com/privacy.html
> 
> scadasec at news.infracritical.com
> http://news.infracritical.com/mailman/listinfo/scadasec
>

More information about the scadasec mailing list