Vendor System Vulnerability Testing Test Plan

PDF Version Also Available for Download.

Description

The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or ... continued below

Creation Information

Davidson, James R. January 1, 2005.

Context

This report is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided by UNT Libraries Government Documents Department to Digital Library, a digital repository hosted by the UNT Libraries. More information about this report can be viewed below.

Who

People and organizations associated with either the creation of this report or its content.

Publisher

Provided By

UNT Libraries Government Documents Department

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

Contact Us

What

Descriptive information to help identify this report. Follow the links below to find similar items on the Digital Library.

Description

The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. b. The term Vendor (or Vendor’s) System replaces the name of the specific SCADA/EMS being tested.

Language

Item Type

Identifier

Unique identifying numbers for this report in the Digital Library or other systems.

  • Report No.: INEEL/EXT-05-02613
  • Grant Number: DE-AC07-99ID-13727
  • DOI: 10.2172/911786 | External Link
  • Office of Scientific & Technical Information Report Number: 911786
  • Archival Resource Key: ark:/67531/metadc887405

Collections

This report is part of the following collection of related materials.

Office of Scientific & Technical Information Technical Reports

Reports, articles and other documents harvested from the Office of Scientific and Technical Information.

Office of Scientific and Technical Information (OSTI) is the Department of Energy (DOE) office that collects, preserves, and disseminates DOE-sponsored research and development (R&D) results that are the outcomes of R&D projects or other funded activities at DOE labs and facilities nationwide and grantees at universities and other institutions.

What responsibilities do I have when using this report?

When

Dates and time periods associated with this report.

Creation Date

  • January 1, 2005

Added to The UNT Digital Library

  • Sept. 22, 2016, 2:13 a.m.

Description Last Updated

  • Dec. 8, 2016, 1:45 p.m.

Usage Statistics

When was this report last used?

Congratulations! It looks like you are the first person to view this item online.

Interact With This Report

Here are some suggestions for what to do next.

Start Reading

PDF Version Also Available for Download.

Citations, Rights, Re-Use

Davidson, James R. Vendor System Vulnerability Testing Test Plan, report, January 1, 2005; [Idaho Falls, Idaho]. (digital.library.unt.edu/ark:/67531/metadc887405/: accessed October 17, 2017), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.