ABSTRACT

When addressing the problem of risk in supervisory control and data acquisition (SCADA) systems, it is important to review business continuity planning and disaster recovery (DR). A large portion of America's power grid and water processing facilities are privately owned, and these private operators and users of SCADA systems need a continuity plan to survive threats to their infrastructure. Business continuity planning addresses the overall issue of maintaining or reestablishing production after an interruption. Such interruptions may take the form of a natural disaster (e.g., hurricane, tornado, earthquake, or flood), an unintentional man-made event (e.g., accidental equipment damage, fire or explosion, or operator error), an intentional man-made event (e.g., an attack by bomb or firearm, vandalism, or a network attacker or virus), or an equipment failure. From a potential outage perspective, recovery time spans typically run to days, weeks, or months for a natural disaster, but to minutes or hours for a malware infection or a mechanical/electrical failure. Because a separate discipline often deals with reliability and electrical/mechanical maintenance, some organizations define business continuity in a way that excludes these sources of failure; and because business continuity deals primarily with the long-term implications of production outages, some organizations also place a minimum interruption limit on the risks to be considered. For the purposes of SCADA cyber security, it is recommended that neither constraint be imposed: long-term outages (DR) and short-term outages (operational recovery) should both be considered. Because some of these potential interruptions involve man-made events, it is also important to work collaboratively with the physical security organization to understand the relative risks of these events and the physical security countermeasures in place to prevent them. Equally, the physical security organization needs to know which areas of a production site house data acquisition and control systems that carry elevated risk (Falco 2006).

CONTENTS

The Business Continuity Process for SCADA
Types of Plans
Business Continuity Plan
Continuity of Operations Plan
Crisis Communications Plan
Critical Infrastructure Protection Plan
Incident Response Plan
Disaster Recovery Plan
Plan Objectives and Differentiation
Examples of SCADA Systems at Risk
SCADA Contingency Planning Process
Developing the Contingency Planning Policy Statement
Business Impact Analysis
Determining Business Processes and Recovery Criticality
Identification of Resource Requirements
Identification of System Resource Recovery Priorities
Identification of Preventive Controls
Creation of Contingency Strategies
Backup and Recovery
Backup Methods and Offsite Storage
Alternate Sites
Equipment Replacement
Cost Considerations
Roles and Responsibilities
Exercise and Testing Program
Exercises
Training
Plan Maintenance
SCADA System Contingency Plan Development
Supporting Information
Activation and Notification Phase
Activation Criteria and Procedure
Notification Procedures
Outage Assessment
Recovery Phase
Sequence of Recovery Activities
Recovery Procedures
Recovery Escalation and Notification
Reconstitution Phase
Plan Appendices
Technical Contingency Planning Considerations
Common Considerations
Use of the BIA
Maintenance of Data Security, Integrity, and Backup
Protection of Resources
Identification of Alternate Storage and Processing Facilities
Use of HA Processes
Client/Server Systems
Client/Server Systems Contingency Considerations
Client/Server Systems Contingency Solutions
Telecommunications Systems
Telecommunications Contingency Considerations
Telecommunications Contingency Solutions
Conclusion
References