Guidance and standards for improving network security
To help their clients, members, and constituents, many government departments and trade associations have been simultaneously developing guidance and standards for improving network security. Several industry observers say there are presently about 40 government, trade, and corporate organizations developing network security standards, and that 38 of these groups had been unaware of similar projects by the others. Many of them now are trying to coordinate and consolidate their standards work.
Perhaps the largest standards effort is being carried out by the U.S. Dept. of Homeland Security and the National Institute of Standards and Technology with help from Idaho National Laboratories and Sandia National Laboratories, which jointly offer the National SCADA Test Bed to check products for vulnerabilities.
DHS and NIST also have established the Process Control Systems Forum and the Process Control Security Requirements Forum (PCSRF) to gather input on security needs and best practices, which could be included in future security standards.
DHS and NIST also are affiliated with the U.S. Computer Emergency Readiness Team and its Control System Security Program (CSSP), which lists control systems incidents, and helps users work with suppliers to resolve disputes involving control system vulnerabilities.
To help all the standards efforts join forces, NIST is compiling all available network security guidelines from the 40 bodies, and reportedly plans to publish them as its 800-53 draft standard in 2007. This coordination is expected to help these organizations decide the security needs they have in common and the methods they can share, and also which aspects of security might be unique to their users and organizations.
For example, NERC’s newly adopted Critical Infrastructure Protection (CIP) standards, CIP-002-1 to 009-1, reportedly can be adopted, altered if needed, and adhered to by users in applications outside NERC’s jurisdiction, because users inside and outside that jurisdiction use computer systems and software in the same way. These commonalities are expected to direct efforts toward creating a unified set of network security standards. NERC’s standards cover critical cyber asset identification, security management controls, personnel and training, electronic security perimeters, physical security of critical cyber assets, system security management, incident reporting and response planning, and recovery plans for critical cyber assets.