Critical Infrastructure Protection Program
Critical infrastructure protection is the study, design and implementation of precautionary measures aimed at reducing the risk that critical infrastructure fails as the result of war, disaster, civil unrest, vandalism, or sabotage. Many governments around the world have taken different initiatives to drive these programs successfully.
European Union
The European Programme on Critical Infrastructure Protection (EPCIP) has been laid out in EU Directives by the Commission (e.g., EU COM(2006) 786 final). It has proposed a list of European critical infrastructures based upon inputs by its Member States.
Germany
The German critical-infrastructure protection programme includes IT systems, headed by the German Federal Office for Information Security.
United Kingdom
In the UK the Centre for the Protection of National Infrastructure provides information, personnel and physical security advice to the businesses and organisations which make up the UK's national infrastructure, helping to reduce its vulnerability to terrorism and other threats. It can call on resources from other government departments and agencies, including MI5 (Military Intelligence, Section 5), the Communications Electronics Security Group and other Government departments responsible for national infrastructure sectors.
United States
The USA has had a wide-reaching Critical Infrastructure Protection Program in place since 1996. Its Patriot Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."
Critical Infrastructure Protection or CIP is a national program to assure the security of vulnerable and interconnected infrastructures of the United States. In May 1998, President Bill Clinton issued a Presidential directive on the subject of Critical Infrastructure Protection. This recognized certain parts of the national infrastructure as critical to the national and economic security of the United States and the well-being of its citizenry, and required steps to be taken to protect it. The federal government has developed a standardized description of critical infrastructure, in order to facilitate monitoring and preparation for disabling events. The government has private industry in each critical economic sector:
- Assess its vulnerabilities to both physical and cyber attacks;
- Plan to eliminate significant vulnerabilities;
- Develop systems to identify and prevent attempted attacks;
- Alert, contain and rebuff attacks and then, with the Federal Emergency Management Agency (FEMA), to rebuild essential capabilities in the aftermath.
Agencies, associations and laws in North America and the EU that impact the cyber security of SCADA systems include, but are not limited to:
- API (American Petroleum Institute)
The American Petroleum Institute, commonly referred to as API, is the main U.S. trade association for the oil and natural gas industry, representing about 400 corporations involved in production, refinement, distribution, and many other aspects of the industry.
- AGA (American Gas Association)
The American Gas Association (AGA), founded in 1918, is an American trade organization representing natural gas supply companies and others with an interest in the manufacture of gas appliances and the production of gas.[1] About 92% of the 70 million natural gas customers in the US receive their gas from AGA members.
- NERC (North American Electric Reliability Council)
NERC reliability standards are the planning and operating rules that electric utilities follow to ensure the most reliable system possible. These standards are developed by the industry using a balanced, open, fair and inclusive process managed by the NERC Standards Committee. The committee is facilitated by NERC staff and comprised of representatives from many electric industry sectors. Proposed standards are reviewed and approved by the NERC Board of Trustees, which then submits the standards to the US Federal Energy Regulatory Commission (FERC) and Canadian provincial regulators for approval.
- DHS (Department of Homeland Security)
The United States Department of Homeland Security (DHS), commonly known in the United States as "Homeland Security", is a Cabinet department of the U.S. federal government with the responsibility of protecting the territory of the U.S. from terrorist attacks and responding to natural disasters.
- OPS (Office of Pipeline Safety)
The Department of Transportation's (DOT) Pipeline and Hazardous Material Safety Administration (PHMSA), acting through the Office of Pipeline Safety (OPS), administers the Department's national regulatory program to assure the safe transportation of natural gas, petroleum, and other hazardous materials by pipeline. OPS develops regulations and other approaches to risk management to assure safety in design, construction, testing, operation, maintenance, and emergency response of pipeline facilities. Since 1986, the entire pipeline safety program has been funded by a user fee assessed on a per-mile basis on each pipeline operator OPS regulates.
- CIDX (Chemical Industry Data Exchange)
CIDX is a membership-based organization dedicated to improving the ease, speed and cost of securely conducting business electronically. It focuses on the development of eBusiness standards, called Chem eStandards, which have become the de facto standards for transacting business electronically in the industry.
- ENISA (European Network and Information Security Agency)
The European Network and Information Security Agency (ENISA) is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and has been fully operational since September 1st, 2005. The objective of ENISA is to improve network and information security in the European Union. The agency contributes to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.