Forum for Human Factors in Control Systems (HFC-forum)


Good practice related to safety and security of integrated operations in the oil and gas industry.

Training - Look to  or SCADA spesific

Suggested good practice documents and guidelines:

  • US- Cert Standards & References - This page provides an extensive bibliography of references and standards associated with control system cyber topics.
  • Security blog with news at
  • at
    • NISCC "Good practice Guide on Firewall Deployment for SCADA and Process Control Networks"
    • NISCC " Process Control and SCADA Security"
  • 21 steps to improve Cyber Security of scada Networks: (3Mb)
  • Testing and certification of SCADA systems see ISA Security Compliance Institute -; Industry leaders from a number of major control system users and manufacturers have investigated the feasibility of creating an organization to establish a set of well-engineered specifications and processes for the testing and certification of critical control systems products.
  • Textbook: "Industrial Network Security"  (Paperback)  by David J. Teumim, ISBN: 1556178743, 144 pages, Publisher: ISA - The Instrumentation, Systems and Automation Society (December 24, 2004)
  • ISA-SP99 Manufacturing and Control Systems Security Standards: The ISA-SP99 Committee is establishing standards, recommended practices, technical reports that will define procedures for implementing electronically secure industrial automation and control systems and security practices and assessing electronic security performance.  The new standard, ANSI/ISA-99.00.01-2007, Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models, is the first in a series of ISA standards that addresses cyber security for industrial automation and control systems (IACS). See
  • "Computer Security Incident Handling Guide" -  Recommendations of the National Institute of Standards and Technology - NIST Special Publication 800-61. Tim Grance, Karen Kent, Brian Kim.
  • NIST SP 800-82, Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security. SP 800-82 provides guidance for establishing secure industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS). The document provides an overview of ICSs and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks.
  • Incident documentation and  reporting , ref:
  • Measuring information security awareness - current practices and the measurement of success
  • Methodologies to perform Risk analyses of Integrated Operations in Oil and Gas industry, see RiskMAP. An explanation of the RiskMAP methodology is available on
  • The standard of good practice for Information Security from ISF:
  • Health, safety and environment research in the petroleum sector , see
  • SCADA LINKS see:

    Examples of known vulnerabilities are found in documents published by:

  • Sandia National Laboratories has assembled a list of vulnerabilities commonly found in critical infrastructure control systems. Stamp Jason, John Dillinger, William Young, and Jennifer DePoy. November 11, 2003. "Common Vulnerabilities in Critical Infrastructure Control Systems". Available at
  • PlantData Technology has developed a list of Top 10 security issues in SAS/SCADA systems.  Pollet Jonathan. March 14, 2005. Risk Mitigation – Top Ten Security Issues with Securing Real-Time Control and SCADA Systems that Support Critical Infrastructure. Available from

Suggested good practice documents and guidelines developed in Norway:

Articles and Reports:


Other key references:

Download CheckIT Poster

Responsible for CheckIT web pages: Stig Ole Johnsen

Publisert 4. mai 2006

Visjon: ”Kompetanseforum for bruk av Human Factors (HF) innen samhandling, styring og overvåkning i olje og gass virksomheten”

Hovedoppgave: ”Være et forum for erfaringsoverføring som bidrar til å videreutvikle HF metoder til bruk ved design og vurdering av driftskonsepter”

Nettredaktør: Tove E Waagan