Effective information security in the process control domain of the energy utility sector can be achieved by establishing, implementing, monitoring, reviewing and, if necessary, improving the applicable measures set forth in this document, in order to attain the specific security and business objectives of the organization.
Ultimately, the overall success of the cybersecurity of energy industries is based on collaborative efforts by all stakeholders (vendors, suppliers, customers, etc.).
This document provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes.
For example this includes in particular the following:
- central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices.
- all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes.