| Vendor System Vulnerability Testing Test Plan | |
| Davidson, James R. | |
| Idaho National Laboratory | |
| 关键词: Security; Testing; 45 - Military Technology, Weaponry, And National Defense; Recommendations; Data Acquisition; | |
| DOI : 10.2172/911786 RP-ID : INEEL/EXT-05-02613 RP-ID : DE-AC07-99ID-13727 RP-ID : 911786 |
|
| 美国|英语 | |
| 来源: UNT Digital Library | |
 PDF
|
|
【 摘 要 】
The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. b. The term Vendor (or Vendor’s) System replaces the name of the specific SCADA/EMS being tested.
【 预 览 】
| Files | Size | Format | View |
|---|---|---|---|
| 911786.pdf | 197KB |  download |
878987797
028-85220240
