Booz Allen Hamilton
“Ukraine Report: When the Lights Went Out“
Published: November 2016
“For ultimate protection, consider unidirectional technologies for one-way data transfer from sensitive environments to authorized systems”. Read more.
The American Bureau of Shipping (ABS)
“ABS CyberSafety Volume 1: The Application of Cybersecurity Principles to Marine and Offshore Operations“
Published: September 2016
Implementing unidirectional technology for the most critical control systems for vessels is a recommended way to ensure this safety and security. Read more.
The American Bureau of Shipping (ABS)
“ABS CyberSafety Volume 2: Cybersecurity Implementation for the Marine and Offshore Industries“
Published: September 2016
When it comes to the distinction between protecting OT systems vs. protecting IT systems – these guys get it. They understand industrial systems and the need for a different approach with OT security versus IT security and the potential for grave consequences if IT protections are employed. Read more.
Department of Homeland Security (DHS ICS-CERT)
“Improving ICS Cybersecurity with Defense-in-Depth Strategies“
Published: September 2016
A nice collection of advice for ICS security programs, including: risk management, security controls and technologies, as well as physical security and training/awareness recommendations. The document is helpful in that it describes attack scenarios and essential limitations of security technologies, as justification for specific recommendations. Read more.
Industrial Internet Consortium (IIC)
“Industrial Internet of Things, Volume G4: Security Framework“
Published: September 2016
The framework discusses host-based, cryptographic, and network flow control protections, including a variety of unidirectional gateway technologies, in detail. The document is unique in the way it describes the need to balance the host-based and cryptographic protections central to IoT technologies with the network-flow-control control concepts described as essential to industrial control systems. Read more.
Department of the Interior – Bureau of Safety and Environmental Enforcement (BSEE)
“Well Control Rule – Oil and Gas and Sulfur Operations in the Outer Continental Shelf—Blowout Preventer Systems and Well Control; Final Rule“
Published: April 2016
The requirement of real time data monitoring makes connecting ICS and business networks unavoidable. Oil companies will need to consider a new host of vulnerabilities and risks associated with connecting drilling rig industrial control systems to outside data centers in real time. This scenario makes unidirectional gateways all the more relevant when meeting data requirements of the Well Control Rule. Read more.
Canadian Standards Association (CSA Group)
“Cyber security for nuclear power plants and small reactor facilities”
Published: April 2016
Generally speaking, nuclear sites face unique risks. However, when it comes to protecting control networks and critical infrastructure from cyber attacks, nuclear is no different from other industrial networks – nuclear is just leading the charge. Read more.
National Institute of Standards and Technology (NIST)
“NIST Special Publication 800-82 Revision 2 Guide to Industrial Control Systems (ICS) Security“
Published: May 2015
The standard outlines major security objectives for ICS and recommends firstly unidirectional gateways to restrict logical access to the ICS network. It also outlines the typical defense in depth strategy for ICS which will ideally have unidirectional gateways to provide logical separation between the corporate and ICS networks. Read more.
National Institute of Standards and Technology (NIST)
“Framework for Improving Critical Infrastructure Cybersecurity“
Published: February 2014
They have taken a cyber risk framework directly from an IT context and applied it to ICS. Not emphasizing prevention as a core function in the realm of protecting critical infrastructure is a weakness in the framework. Under the core function of “protect”, there is not specific guidance on protecting the perimeter or boundary of the ICS network. Read more.
International Society of Automation (ISA)
“ANSI/ISA‑62443‑3‑3 (99.03.03)-2013 Security for industrial automation and control systems Part 3-3: System security requirements and security levels“
Published: August 2013
The standard clearly states that the security goals and requirements for industrial control systems differ from those of IT networks. With the increased connectivity of business networks to control networks, new vulnerabilities present themselves. Read more.
North American Electric Reliability Corporation (NERC)
“CIP Cyber Security Standards Version 5”
Published: October 2012
The NERC CIP standards in particular are seen as a model of cyber security for other industries and critical infrastructures. The NERC CIP V5 standards are designed specifically to enhance the reliability of the Bulk Electric System through strong security. Read more.
English
Français
Español
עברית
Deutsch
日本語
한국어
中文
اَلْعَرَبِيَّةُ
