NIST seeks comments on major revision to industrial control systems security guide

May 22, 2014

The National Institute of Standards and Technology (NIST) has issued for public review and comment a proposed major update to its Guide to Industrial Control Systems (ICS) Security.*

Most industrial began as proprietary, stand-alone collections of hardware and software that were separated from the rest of the world and isolated from most external threats. Today, widely available , Internet-enabled devices, and other IT offerings have been integrated into many systems, and the data produced in ICS operations are increasingly used to support business decisions. This connectivity has delivered many benefits, but it also has increased the vulnerability of these systems to malicious attacks, equipment failures and many other threats.

Downloaded more than 2.5 million times since its initial release in 2006, the NIST guide advises on how to reduce the vulnerability of computer-controlled industrial systems used by industrial plants, public utilities and other major infrastructure operations to , equipment failures, errors, inadequate malware protection and other software-related threats.

The new draft—the second revision of the guide—includes updates to sections on ICS threats and vulnerabilities, risk management, recommended practices, architectures, and security capabilities and tools for ICS.

Due to their unique performance, reliability and safety requirements, securing industrial control systems often requires adaptations and extensions to security controls and processes commonly used in traditional IT systems. Recognizing this, a significant addition to the draft is a new appendix offering tailored guidance on how to adapt and apply security controls and control enhancements detailed in the 2013 comprehensive update of Security and Privacy Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53, revision 4) to ICS. SP 800-53 contains a baseline set of that can be tailored for specific needs according to an organization's mission, operational environment, and the technologies used. The new draft Guide to Industrial Control Systems (ICS) Security includes an ICS overlay that adapts and refines that baseline to address the specialized security needs of utilities, chemical companies, food manufacturers, automakers and other users of industrial control systems.

Explore further: New NIST guidelines aim to help IT system developers build security in from the ground up

More information: The Guide to Industrial Control System (ICS) Security, Revision2 Initial Public Draft (NIST SP 800-82) can be downloaded from the NIST Computer Security Resource Center at:… p800_82_r2_draft.pdf. The public comment period runs from May 14 through July 18, 2014. Comments may be submitted by mail to: National Institute of Standards and Technology; Attn: Computer Security Division, Information Technology Laboratory; 100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930; or by email to:

*K. Stouffer, S. Lightman, V. Pillitteri, M. Abrams and A. Hahn. Guide to Industrial Control Systems (ICS) Security. NIST Special Publication 800-82 Revision 2, Initial Public Draft. May 2014.

add to favorites email to friend print save as pdf

Related Stories

NIST updates guidelines for mobile device security

Jul 11, 2012

The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices—such as smart phones and tablets—that are used by the federal government. NIST ...

Recommended for you

Google searches hold key to future market crashes

8 hours ago

A team of researchers from Warwick Business School and Boston University have developed a method to automatically identify topics that people search for on Google before subsequent stock market falls.

Lenovo's smart glasses prototype has battery at neck

10 hours ago

China's PC giant Lenovo last week offered a peek at its Google Glass-competing smart glass prototype, further details of which are to be announced in October. Lenovo's glasses prototype is not an extreme ...

Amazon launches 3D printing store

13 hours ago

Amazon announced Monday the launch of an online store for 3D printed items to allow consumers to customize and personalize items like earrings, pendants, dolls and other objects.

User comments : 0