Talk to Us Today Experienced a Breach?

News

img

NIST CSF for Industrial Control Systems Security

Industrial control systems face growing cybersecurity risks. The NIST Cybersecurity Framework can help operators gain insight into their level of risk and how to decrease it.

Industrial control systems (ICS) play a critical role in maintaining and enriching modern life, from power delivery to pharmaceuticals. As they become increasingly interconnected and dependent on other systems, more attack vectors open for hackers to exploit, which can result in disastrous consequences.

To help ensure ICS operators adopt effective risk management strategies, the National Institute of Standards and Technology (NIST) has released the “Framework for Improving Critical Infrastructure Cybersecurity.” While the NIST Cybersecurity Framework (CSF) is not a one-size-fits-all solution for improving security resilience, its flexibility allows it to apply to a wide variety of ICS operators’ business structures and needs. It is less of a stringent guide on specific controls to assess and more of a methodology, which, when paired with a control framework, such as ISO/IEC 27000, COBIT 5, ANSI/ISA 62443, or NIST SP 800-53, can aid organizations in effectively addressing potential cybersecurity and control gaps.

ICS operators can use the framework to:

  • Adopt a common taxonomy to ensure efficient and effective communication
  • Create a target state for cybersecurity
  • Evaluate the current risk management program
  • Engage C-level and other management personnel in cybersecurity operations
  • Prioritize risk management activities to reach desired business and security outcomes

NIST CSF is comprised of five functions: Identify, Protect, Detect, Respond, and Recover. Respectively, these functions help ICS operators accomplish the following goals:

  • Understand the ICS environment to gain insight into the level of cybersecurity risk.
  • Implement safeguards to limit or contain cybersecurity event impacts.
  • Implement measures to quickly identify cybersecurity events.
  • Develop a response plan to effectively communicate, contain, and analyze incidents.
  • Restore functionality after a cybersecurity event.

Protecting ICS from cyber attacks is a matter of national security. For more information, read our white paper, Industrial Control Systems: Security in an Interconnected World.


HOW HARDENED IS YOUR NETWORK?

Our Hardened Network Assessment, the first online self-assessment of its kind, will measure your network security posture and generate a customized report in just a few minutes.

Take the test

Related Articles

img

What's New

Malicious Insider Threats and Indicators

Insider threats can be invisible to standard security measures like firewalls. Use these tips for more robust detection.   Protecting your company data requires more than just technical measures and securing the perimeter—i

read
img

What's New

Solving the Cybersecurity Skills Shortage

The cybersecurity skills shortage is increasing breaches and making hiring increasingly difficult. Here is what businesses should do now. The growing shortage of qualified cybersecurity professionals makes it increasingly difficult f

read