Todd, Not knowing much about SCADA, I just checked it out in Wikipedia. The following caught my eye: "Standard protocols are IEC 60870-5-101 or 104, IEC 61850 and DNP3. These communication protocols are standardized and recognized by all major SCADA vendors. Many of these protocols now contain extensions to operate over TCP/IP. It is good security engineering practice to avoid connecting SCADA systems to the Internet so the attack surface is reduced. .... The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems and office networks and the Internet has made them more vulnerable to attacks .... The ISA Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing starting as soon as 2009. ISCI is conceptually similar to private testing and certification that has been performed by vendors since 2007, such as the Achilles certification program from Wurldtech Security Technologies, Inc. and MUSIC certification from Mu Dynamics, Inc. Eventually, standards being defined by ISA SP99 WG4 will supersede these initial industry consortia efforts, but probably not before 2011." So it sems to me, at least naively, that SCADA standardization is already being covered by IEC, ISCI, and perhaps elsewhere as well. What do you envision the IETF could add that is not already being covered, to prevent unnecessary duplication of effort? Also, to my knowledge, there is not much by way of SCADA expertise in the IETF. As I'm sure you're aware, there is a defined process to begin new work in the IETF - you write a draft discussing the problem statement and reqiurements for the proposed work, begin a discussion of the draft on the IETF list, and if it looks like there would be sufficient interest and expertise, propose a BOF on the topic at an upcoming meeting. Cheers, Andy On Tue, Sep 30, 2008 at 3:28 PM, TS Glassey <tglassey@xxxxxxxxxxxxx> wrote: > Not that anyone listens to me here but the IETF needs a focus group and > probably a WG under the general area for SCADA systems. > > This would be for the creation of BCP's and standards for operating public > SCADA systems and would provide an oversight process if its properly managed > for SCADA systems operated in the public interest. > > Todd > --- > Personal Disclaimers Apply > > TS Glassey > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf