Paper | Title | Page
WEPMU007 | Securing a Control System: Experiences from ISO 27001 Implementation | 1062

- V. Vuppala, K.D. Davidson, J. Kusler, J.J. Vincent
NSCL, East Lansing, Michigan, USA
Recent incidents have emphasized the importance of security and operational continuity for achieving the quality objectives of an organization, and the safety of its personnel and machines. However, security and disaster recovery are either completely ignored or given a low priority during the design and development of an accelerator control system, the underlying technologies, and the overlaid applications. This leads to an operational facility that is easy to breach, and difficult to recover. Retrofitting security into the control system becomes much more difficult during operations. In this paper we describe our experiences in achieving ISO 27001 compliance for NSCL's control system. We illustrate problems faced with securing low-level controls, infrastructure, and applications. We also provide guidelines to address the security and disaster recovery issues upfront during the development phase.
Poster WEPMU007 [1.304 MB]