critical infrastructure protection

• Framework for Improving Critical Infrastructure Cybersecurity

O v e r v i e w   o f   t h e   F r a m e w o r k
The Framework is a risk-based approach to managing cybersecurity risk, and iscomposed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces theconnection between business drivers and cybersecurity activities.

Ho w  t o   U s e   t h e   F r a m e wo r k
An organization can use the Framework as a key part of its systematic process for identifying, assessing, andmanaging cybersecurity risk. The Framework is not designed to replace existing processes; anorganization canuse itscurrent process and overlay it onto the Framework to determine gaps in itscurrent cybersecurity risk approach and develop a roadmap to improvement
https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

• The NERC CIP (North American Electric Reliability Corporation critical infrastructure protection) plan is a set of requirements designed to secure the assets required for operating North America's bulk electric system. 

The NERC CIP plan consists of 9 standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning.

    CIP-002-1: Critical Cyber Asset Identification
    CIP-003-1: Security Management Controls
    CIP-004-1: Personnel and Training
    CIP-005-1: Electronic Security Perimeters
    CIP-006-1: Physical Security of Critical Cyber Assets
    CIP-007-1: Systems Security Management
    CIP-008-1: Incident Reporting and Response Planning
    CIP-009-1: Recovery Plans for Critical Cyber Assets

https://searchcompliance.techtarget.com/definition/NERC-CIP-critical-infrastructure-protection

• What You Need to Know about NERC CIP Cybersecurity Standards

energy and utility organizations have been tasked with meeting standards from the North American Electric Reliability Corp. (NERC) and mandated by the Federal Energy Regulation Commission (FERC).
NERC Critical Infrastructure Protection (CIP) standards are made up of nearly 40 rules and almost 100 sub-requirements. This is may sound like a lot, but as the name suggests, these provisions are critical for ensuring that electric systems are prepared for cyber threats.
Critical Assets: These assets include but are not limited to: Control systems, data acquisition systems and networking equipment, as well as hardware platforms running virtual machines or virtual storage.
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-you-need-to-know-about-nerc-cip-cybersecurity-standards/

• New ISA/IEC 62443 standard specifies security capabilities for control system components

The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs).
https://www.isa.org/intech/201810standards/

• IEC 62443 Security Assurance Levels Explained

Schneider Electric has created a white paper to introduce IEC 62443 concepts to an individual with limited exposure to cybersecurity in industrial control systems.  The paper defines security assurance levels and illustrates how architectures can change as security assurance level targets are increased.
https://blog.se.com/cyber-security/2018/03/30/iec-62443-security-assurance-levels-explained/

• How to implement IEC 62443

With Industrie 4.0 and Industrial IoT, the Industrial Automation and Control Systems industry faces exciting opportunities. Along with these opportunities come security threats: industrial environments must be prepared for rising cyberattacks to prevent equipment damage, downtime, and safety issues.
https://www.infineon.com/cms/en/product/promopages/iec62443/