Power, water and wastewater utilities are critical infrastructure, and require ongoing industrial control system (ICS) cybersecurity risk reduction efforts. Taking a systematic and integrated approach to ICS cybersecurity can help with safe, reliable and efficient operations.
Many experts from these industries will gather at the July 29-August 2, 2018 Ovation Users’ Group Conference in Pittsburgh. There they will exchange knowledge about the technologies and practices that help address this challenge.
This training session will start by introducing each of the CIS Controls. Using experience from a recent “never been done before” project that encompassed five coal-fired power plants and one coal mine, the session then covers the benefits, challenges and lessons learned from using the Top 20 Critical Security Controls (CSC).
The original development of the CIS Controls was started by the U.S. National Security Agency (NSA) in 2008 as a project requested by the Department of Defense (DoD). The goal was to prioritize the many existing cybersecurity controls based on the prevalence and frequency of attack methods. While initially started as a government project, it was quickly opened to the private sector for input and collaboration.
Through a partnership between the NSA, the CIS, and the SANS Institute, a consortium was established to share knowledge and information. As the project progressed, additional members were added to the consortium, expanding the base of data used to develop the list of controls.
Through this tight collaboration between the public and private sectors, the consortium was able to publish an initial draft in early 2009. The draft was circulated to several hundred IT organizations for evaluation, and more than 50 provided comments on it. These comments were then used to refine the document further.
The list of controls was found to have significant alignment with the 3,085 real-world attacks experienced by the State Department in FY2009. A project was then launched to implement the controls across the State Department’s entire cyber environment. It achieved great success: the department experienced “more than an 88% reduction” in vulnerability-based risk across 85,000 systems. The State Department’s program became a model for large government and private sector organizations.
CSC 1 through CSC 5 are often referred to as “Foundational Cyber Hygiene,” and are the basic controls that should be deployed to create a strong foundation for any cybersecurity program. According to CIS, several studies have shown that implementing the first five CIS Controls provides an effective defense against the most common cyber-attacks (~85% of attacks).
Join Jaime’s session and learn more about these basic, foundational and organizational CIS Controls and how the Power and Water Cybersecurity Suite and Emerson security services can help you improve your ICS cybersecurity defenses.
The post Applying Center for Internet Security ICS Cybersecurity Controls appeared first on the Emerson Automation Experts blog.