Abstract: Efforts to secure supervisory control and data acquisition
(SCADA) systems must be supported under the guidance of
sound security policies and mechanisms to enforce them. Critical
elements of the policy must be systematically translated into a format
that can be used by policy enforcement components. Ideally, the
goal is to ensure that the enforced policy is a close reflection of
the specified policy. However, security controls commonly used to
enforce policies in the IT environment were not designed to satisfy
the specific needs of the SCADA environment. This paper presents
a language, based on the well-known XACML framework, for the
expression of authorization policies for SCADA systems.