Managing Critical Information Infrastructure Security Compliance: A Standard Based Approach Using ISO/IEC 17799 and 27001

  • Wipul Jayawickrama
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4277)


Information technology constitutes a substantial component of the critical infrastructure of many nations. Systems used by utilities and service industries such as electricity, water, wastewater treatment and gas are key components of these critical infrastructures. These critical infrastructures rely on a range of technologies commonly known as Process Control Systems in the production, distribution or management aspects of their services.

To ensure continued delivery of these critical services, the process control systems used to control, monitor and manage the infrastructure must be secured against both physical and cyber security threats. A number of information security standards have been defined by industry and government regulatory bodies to provide guidance in securing process control systems. However, managing compliance with several standards at once can become an added administrative overhead for organizations.

This paper reviews the challenges in maintaining compliance with multiple standards and argues that a holistic information security management system is required to ensure the ongoing security of these process control systems. It proposes the implementation of the international standards ISO/IEC 17799 (the code of practice, since renumbered ISO/IEC 27002) and ISO/IEC 27001 (the management system specification) as a practical approach to managing the various compliance requirements and as a framework to implement, monitor, manage and improve the security of process control systems.


Keywords: Critical Infrastructure, Process Control System, Compliance Requirement, Information Security Management, Information Security Management System



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Wipul Jayawickrama, Infoshield Consulting
