Cyber Security Roadmap Ready to Go

Thursday, November 17, 2011 @ 04:11 PM gHale

The Cross-Sector Roadmap for Cybersecurity of Control Systems is now up and ready to go.

The document, created by the Industrial Control Systems Joint User Group (ICSJWG), is now available for review and use as a model for all sectors.

Smart Grid Security Framework Update
Utility Cyber Security in ‘Chaos’
Whitelisting a Solid Security Tool
Utility Cyber Security Outlay to Grow

This cross-sector roadmap came about over the last two years by industry and government thought leaders that saw the need for a unifying roadmap to secure control systems across all critical sectors.

They have succeeded in capturing the common elements of securing control systems from the different roadmaps developed by individual sectors over the last six years. However, unifying does not mean “one size fits all” and the crafters of this cross-sector roadmap hope other critical sectors that have not developed their own roadmap will either use this document as is or use it as a starting point to develop their own to secure control systems that reflects their sector’s unique needs and challenges.

The Cross-Sector Roadmap to Secure Control Systems describes a plan for voluntarily improving cyber security across all critical infrastructure/key resources (CIKR’s) that employ industrial control systems.

Leaders from the nation’s critical infrastructure sectors and government agencies recognize the need to plan, coordinate, and focus ongoing efforts to improve control system security. Industry stakeholders agree that a concise plan, with specific goals and milestones for implementing security across individual sectors, will prioritize critical needs and gaps to assist CIKR asset owners in reducing the risk of future cyber attacks on control systems.

This roadmap builds on existing government and industry efforts to improve the security of industrial control systems within the private sector by working with sector-specific associations and agencies established to promote consistent application of standards and guidance within any given sector.

This roadmap:
• Presents a vision, along with a supporting framework of goals and milestones, to improve the cyber security posture of ICSs across all CIKR’s
• Defines a consensus-based strategy that addresses the specific cyber security needs of owners and operators of CIKR facilities
• Proposes a comprehensive plan for improving the availability, security, reliability, and functionality of ICSs
• Proposes methods and programs that encourage participation and compliance by all stakeholders
• Guides efforts by industry, academia, and government
• Identifies opportunities for cooperative work across sectors

The roadmap promotes continuous improvement in the security posture of ICSs within CIKR sectors, allowing sectors to establish baselines to measure security performance against established metrics. As with everything else in the security arena, this document is a moving target and will change as the sectors mature in their security posture.
If there are any questions regarding the roadmap, feel free to email ICSJWG@DHS.GOV.

Leave a Reply

You must be logged in to post a comment.