TABLE OF CONTENTS There are many definitions of security; many of them could apply to automation and control systems. Security is often thought of as the robustness of a system and its ability to deliver a service regardless of upsets, faults, failures, or other problems. In the electrical transmission and distribution industry, the term "operational security" [1] is defined as "the ability of a power system to withstand or limit the adverse effects of any credible contingency to the system including overloads beyond emergency ratings, excessive or inadequate voltage, loss of stability or abnormal frequency deviations."
However, a number of factors have mandated a new, equally important meaning. These factors include:
the advent of ubiquitous, easy to use, remote and network access to almost every automation and control system component;
the trend to connect these components to phone lines, control networks, business systems, and even the Internet; and
the risk of intentional or even inadvertent network induced system failures.
In this context we need to re-define "system and network security."
System and network security includes the use of physical protection and electronic identification, authentication, authorization, filtering, blocking, access control, encryption, validation, detection, measurement, audit, monitoring, logging, and other technologies, with the objective of precluding unauthorized or unintended use, modification, disclosure, or destruction of automation and control systems, or associated informational assets. These activities are undertaken in an effort to reduce the risk of personal injury or possibility of endangering...
