NIST and DOE still not distinguishing between IT and ICS

Nov. 15, 2011

A message from Joe Weiss:

September 2011, DOE published the Electricity Sector Cybersecurity Risk Management Process Guideline for comment. The document draws from a significant number of experts, though none are industrial control systems (ICS) experts. The document effectively equates IT and ICS. It references IEC-62443 which is still not a formal document and excludes any mention of ISA99.

A message from Joe Weiss:

September 2011, DOE published the Electricity Sector Cybersecurity Risk Management Process Guideline for comment. The document draws from a significant number of experts, though none are industrial control systems (ICS) experts. The document effectively equates IT and ICS. It references IEC-62443 which is still not a formal document and excludes any mention of ISA99.

Meanwhile NIST recently published their National Initiative for Cyber Security Education (NICE) Cybersecurity Workforce Framework. The document states: "Consequently, with the exception of select critical support roles that allow cybersecurity professionals to effectively do their work, we did not include occupational specialties related to acquisition, physical security, oversight of critical infrastructure, electrical engineering, and so forth." This can create, or at least exacerbate, the training and cultural issues that currently divide IT Security and Operations. 

NIST and DOE need to address the unique aspects of industrial control systems as identified in NIST SP80-82. Moreover, NIST SP800-82 needs to be updated to address newer threats to ICSs including threats such as Stuxnet.

Sponsored Recommendations

Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...