It’s no surprise that industrial environments have become increasingly valuable targets to malicious behavior. The State of Security has featured many cybersecurity events in the recent past across a myriad of industrial verticals including but not limited to chemical manufacturing, transportation, power generation and petrochemical. Several of these industries mentioned have taken great strides in improving their defense posture, mostly thanks to governmental regulatory compliance requirements.

Most organizations with industrial control systems (ICS) fall into one of two categories: regulated and non-regulated. For those subject to governmentally imposed regulatory requirements, the selection of a cybersecurity framework is obviously compelling. Please continue reading through the remainder of the article. For those who aren’t subject to regulatory requirements, feel free to skip over the next section titled “Regulated Approach” and start back up at “General Approach.” If you’re not subject to any regulatory requirements, this following section “Regulatory Approach” could still be of interest, especially if 1) your industry is moving in this direction in the near future or 2) you’d like to better understand how your regulated counterparts have been measuring the state of their security posture.

Regulated Approach

I’m not one to praise the government in its efforts to impose requirements on businesses, but in this case, it’s had a rather impressive positive effect. I’m of course alluding to North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Energy Institute (NEI) 08-09 requirements, which have undergone many changes over the past decade to become what they are now. These specialized requirements have been tailored to for the electric utility and nuclear power generation sectors, respectively. If you’re subject to these very requirements (or several of the other lesser known requirements out there), you know that they can be burdensome but are of (Read more...)