NAIC Cyber Security Principles – not for industrial control systems

March 16, 2015

The National Association of Insurance Commissioners (NAIC) issued "Principles for Effective Cyber Security Insurance Regulatory Guidance". The NAIC principles effectively focus on data breach. However, data breach is not a significant issue for ICS cyber security. ICS cyber impacts need to be considered.

Many in the insurance industry still have a significant gap in their understanding of industrial control system (ICS) cyber security. The National Association of Insurance Commissioners (NAIC) issued "Principles for Effective Cyber Security Insurance Regulatory Guidance". The NAIC principles effectively focus on data breach. According to the NAIC principles, “Insurance regulators have a ‘significant role and responsibility’ regarding protecting consumers from cyber security risks, regarding insurers' efforts to protect sensitive customer health and financial information, and protecting sensitive information housed in insurance department...”

However, data breach is not a significant issue for ICS cyber security. ICS cyber incidents can, and have, led to significant equipment or environmental damage, business interruption, and deaths. These significant impacts need to be considered, as insurance policies often have exclusions for cyber attacks. Unintentional cyber incidents are not cyber attacks and therefore may not be excluded from existing policies. ICS cyber attacks can affect multiple facilities in multiple locations, causing very significant near- and long-term damage to facilities and people. Insurance companies need to better understand their risks and potential liabilities from ICS cyber incidents, whether malicious or unintentional.

Joe Weiss
