The NIST Cybersecurity Framework for Industrial Control Systems Security

Industrial control systems (ICS) play a critical role in maintaining and enriching modern life, from power delivery to pharmaceuticals. When malicious interference compromises these systems, the consequences can be broad and disastrous. As ICS become more interconnected and dependent upon other systems to perform daily tasks, more attack vectors open for hackers to exploit.

To help ensure ICS operators adopt effective risk management strategies, the National Institute of Standards and Technology (NIST) has released the “Framework for Improving Critical Infrastructure Cybersecurity.” While the NIST Cybersecurity Framework (CSF) is not a one-size-fits-all solution for improving security resilience, its flexibility allows it to apply to a wide variety of ICS operators’ business structures and needs. It is less of a stringent guide on specific controls to assess and more of a methodology, which, when paired with another framework, such as ISO/IEC 27000, COBIT 5, ANSI/ISA 62443, or NIST Special Publication 800-53, can aid organizations in effectively addressing potential cybersecurity and controls gaps.

ICS operators can use the framework to:

1)    Adopt a common taxonomy to ensure efficient and effective communication

2)    Create a target state for cybersecurity

3)    Evaluate the current risk management program

4)    Engage C-level and other management personnel in cybersecurity operations

5)    Prioritize risk management activities to reach desired business and security outcomes

For more information on how to maintain ICS security, read our white paper, Industrial Control Systems: Security in an Interconnected World.