Tags
Computer security, Control system, Critical infrastructure, ICS, Industrial control system, National Institute of Standards and Technology, NIST, Stuxnet
Just as NIST released a draft of the U.S. government’s Cyber Security Framework (PDF) for industrial control systems (ICS), Ralph Langner responded with his proposed RIPE framework that he says is a better fit for Control Systems. Many critical infrastructure operators are looking for answers on where to start understanding ICS security. The NIST framework is designed to outline a core structure to include a user’s guide and an executive overview that describes the purpose, need and application of the drafted framework in critical infrastructure control system environments. NIST has reflected comments that emphasized the importance of executive involvement in managing cyber risks, “the framework is designed to help business leaders evaluate how prepared their organizations are to deal with cyber threats and their impacts.” – NIST