This recommended practice provides guidance on the analysis of methodologies for evaluating security risks associated with modems and their use in an organization. This document also offers useful methods for creating a defense-in-depth architecture that protects the system components that use modems for connectivity. It is assumed that the reader of this document has a basic understanding of vulnerabilities associated with modems and modem communications, as this information is available from other sources.
Sections 2 and 3 of the document discuss methods for assessing modem security, providing recommended resources for information and assessment tools and methods for identifying and analyzing modem connections. Section 4 provides options for implementing modem security according to the types of connections and/or devices being used. It also discusses methods such as authentication, logging, caller-ID filtering, and control system device security. Appendix A includes a list of resources used to create this document.
The methods presented in this document should be evaluated by each user for effectiveness within their operating environment. This analysis should include the capabilities and limitations of any hardware and/or software solution selected to implement these methods. This document does not cover the physical security aspects of modem security. Physical security should be driven by the control system and its components. If the physical security of the control system and its components has been addressed appropriately, then the modems will be a part of this physical security perimeter.
Full Securing CS Modems RP document (PDF)