iFACTS on - SCADA
It has lately been realised how vulnerable SCADA (Supervisory Control and Data Acquisition) systems are. Today these systems often are built on standard software and available through the internet or LAN/WAN.

This exposure has already been exploited by "underground organisations" for different types of extorsion and sabotage. There are speculations that several serious incidents, for example a gigantic power outlet in the US was caused by unauthorised exploiting of SCADA systems.

Often the plants or machinery that are controlled by SCADA systems are the very base of society infrastructure such as Water reservoir, Power distribution grid, TV&Radio broadcasting or Telecom.

In SASN Webcast 18 May 2006, Control System Security Project: "SCADA-systems ar so critical that whether the threat has been demonstrated (fact) or conceptualized (fiction), the reality is that these systems have to be protected."

To control these critical SCADA systems two aspects are essential:

1. Control the individual SCADA system. This includes clarifying responsibilities, procedures following best practise, monitoring, risk assessment and audit. All this shows how well the system is maintained. In the iFACTS concept these parameters are translated into a Score in the range 0-100% for easy evaluation and management reporting.

2. The environment the SCADA system is operating in. Many of the threats are related to third parties unauthorised accessing the SCADA system through the internet or WAN/LAN. It is vital to identify all the different parts in the operating environment and identifying weak links. Such parts can be:

Process and activities- The SCADA system -  Servers - Workstation - Routers and communication - Firewall - IT facility - Access control system - Power supply

iFACTS is the single point of entry for organisational data which is the base for identifying the SCADA scope.
But there can only be one master database to do this. The prerequisite is:

To go all in -  to see it all and get it all.