Talk to Us Today Experienced a Breach?

News

img

NIST CSF for Industrial Control Systems Security

Industrial control systems face growing cybersecurity risks. The NIST Cybersecurity Framework can help operators gain insight into their level of risk and how to decrease it.

Industrial control systems (ICS) play a critical role in maintaining and enriching modern life, from power delivery to pharmaceuticals. As they become increasingly interconnected and dependent on other systems, more attack vectors open for hackers to exploit, which can result in disastrous consequences.

To help ensure ICS operators adopt effective risk management strategies, the National Institute of Standards and Technology (NIST) has released the “Framework for Improving Critical Infrastructure Cybersecurity.” While the NIST Cybersecurity Framework (CSF) is not a one-size-fits-all solution for improving security resilience, its flexibility allows it to apply to a wide variety of ICS operators’ business structures and needs. It is less of a stringent guide on specific controls to assess and more of a methodology, which, when paired with a control framework, such as ISO/IEC 27000, COBIT 5, ANSI/ISA 62443, or NIST SP 800-53, can aid organizations in effectively addressing potential cybersecurity and control gaps.

ICS operators can use the framework to:

  • Adopt a common taxonomy to ensure efficient and effective communication
  • Create a target state for cybersecurity
  • Evaluate the current risk management program
  • Engage C-level and other management personnel in cybersecurity operations
  • Prioritize risk management activities to reach desired business and security outcomes

NIST CSF is comprised of five functions: Identify, Protect, Detect, Respond, and Recover. Respectively, these functions help ICS operators accomplish the following goals:

  • Understand the ICS environment to gain insight into the level of cybersecurity risk.
  • Implement safeguards to limit or contain cybersecurity event impacts.
  • Implement measures to quickly identify cybersecurity events.
  • Develop a response plan to effectively communicate, contain, and analyze incidents.
  • Restore functionality after a cybersecurity event.

Protecting ICS from cyber attacks is a matter of national security. For more information, read our white paper, Industrial Control Systems: Security in an Interconnected World.


HOW HARDENED IS YOUR NETWORK?

Our Hardened Network Assessment, the first online self-assessment of its kind, will measure your network security posture and generate a customized report in just a few minutes.

Take the test

Related Articles

img

What's New

Cyber Threats to Education

Schools are data-rich targets for malicious actors, with extensive stores of social security numbers, email addresses, health records, financial information of students and their families, and more. Cyber threats against the educatio

read
img

What's New, Whitepapers

Maintaining a Mature Security Program

Maintaining a mature security program helps to drive significant improvements in governance and compliance at any organization, from a small business to a large enterprise. The more mature a company's security program becomes, the better th

read
img

What's New

Cybersecurity Resolutions for 2023

These reasonable resolutions will launch your organization's cybersecurity in 2023. Businesses can prepare for cyberattacks by developing a proactive risk management strategy to kickstart 2023. Phishing emails and ransomware continue

read