Author: Vincent, J.J.
Paper Title Page
WEPMU007 Securing a Control System: Experiences from ISO 27001 Implementation 1062
 
  • V. Vuppala, K.D. Davidson, J. Kusler, J.J. Vincent
    NSCL, East Lansing, Michigan, USA
 
  Recent incidents have emphasized the importance of security and operational continuity for achieving the quality objectives of an organization, and the safety of its personnel and machines. However, security and disaster recovery are either completely ignored or given a low priority during the design and development of an accelerator control system, the underlying technologies, and the overlaid applications. This leads to an operational facility that is easy to breach, and difficult to recover. Retrofitting security into the control system becomes much more difficult during operations. In this paper we describe our experiences in achieving ISO 27001 compliance for NSCL's control system. We illustrate problems faced with securing low-level controls, infrastructure, and applications. We also provide guidelines to address the security and disaster recovery issues upfront during the development phase.  
poster icon Poster WEPMU007 [1.304 MB]