Report on Establishing a Canadian SCADA Portal

Executive Summary
Over the last several years, the issues surrounding cyber security and critical infrastructure protection have moved to the forefront of both public and private sector agendas. More interestingly, the domain of interest as it pertains to the cyber security of Supervisory Control and Data Acquisition (SCADA) and Process Control systems (PCS) has grown considerably. As such, several nations have begun to recognize the role that these systems have on key infrastructure sectors (energy, water, transportation), and have started to establish significant capabilities to address the cyber vulnerabilities of these key assets. Public Safety Canada (Public Safety), through its Cyber Security Strategy Secretariat, has developed an effort to address the concerns associated with cyber security and industrial SCADA systems.

However, although the need to protect these resources from cyber attack is becoming increasingly apparent, the fact that a large majority of these systems within Canada are owned and operated by private sector entities creates some challenges. These challenges include the influence Public Safety can have on the community of interest, the way in which Public Safety can provide cyber security support to the SCADA community, and how Canadian owner/operators can benefit from Government of Canada support. Of paramount concern is how key information residing in and amongst the SCADA community of interest is shared, and what Canadian-centric mechanism can be established to promote effective information sharing that promotes cyber security in SCADA and Process Control systems.

To address these and other issues, and recognizing that Public Safety has a requirement to protect Canadian critical infrastructure systems, Public Safety sanctioned an in-depth analysis regarding the establishment of a Canadian SCADA security portal. The intent of this study was to create a report that incorporates research and findings in several core areas, and deliver recommendations, best practices and proposed frameworks that will allow Public Safety to make educated, relevant, and timely decisions regarding the feasibility of such a portal. These core areas included:

1. Analysis of experience and methodologies used by the United States Department of Homeland Security (DHS) Control System Security Program (CSSP) to create a SCADA and Control Systems specific portal

2. Analysis of key variables for application of a SCADA portal in the Canadian context

3. Analysis of information and experience from the greater SCADA community, including analysis of on-going similar efforts currently existing in other nations

Date modified: