Content deleted Content added
m Reference list duplication |
m Typo/general fixes, replaced: intented → intended |
||
Line 12:
* Enterprise integration (using plant, corporate and even public networks) means that process control systems (legacy) are now being subjected to stresses they were not designed for
* Demand for Remote Access - 24/7 access for engineering, operations or technical support means more insecure or rogue connections to control system
* [[Security
The cyber threats and attack strategies on automation systems are changing rapidly. Fortunately, regulation of control system security is rare as regulation is a slow moving process. The United States, for example, only does so for the [[nuclear power in the United States|nuclear power]] and the [[chemical industry|chemical industries]].<ref name="gross201104">{{cite web|url=http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104|title=A Declaration of Cyber-War|author=Gross, Michael Joseph|first=|date=2011-04-01|work=Vanity Fair|publisher=Condé Nast|archiveurl=https://web.archive.org/web/20140713082739/http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104|archivedate=2014-07-13|accessdate=2017-11-29|df=}}</ref>
== Government efforts ==
The U.S. Government [[Computer Emergency Readiness Team]] (US-CERT) originally instituted a [[control systems security program]] (CSSP) now the National Cybersecurity and Communications Integration Center (NCCIC) Industrial Control Systems, which has made available a large set of free National Institute of Standards and Technology (NIST) standards documents regarding control system security.<ref>{{cite web|url=http://www.us-cert.gov/control_systems/csstandards.html|title=Standards and References - NCCIC / ICS-CERT|website=ics-cert.us-cert.gov/|access-date=2010-10-27|archive-url=https://web.archive.org/web/20101026045026/http://www.us-cert.gov/control_systems/csstandards.html|archive-date=2010-10-26|url-status=dead}}</ref> The U.S. Government Joint Capability Technology Demonstration (JCTD) known as MOSIACS (More Situational Awareness for Industrial Control Systems) is the initial demonstration of cybersecurity defensive capability for critical infrastructure control systems.<ref>{{Cite web|title=More Situational Awareness For Industrial Control Systems (MOSAICS) Joint Capability Technology Demonstration (JCTD): A Concept Development for the Defense of Mission Critical Infrastructure – HDIAC|url=https://hdiac.org/articles/more-situational-awareness-for-industrial-control-systems-mosaics-joint-capability-technology-demonstration-jctd-a-concept-development-for-the-defense-of-mission-critical-infrastructure/|access-date=2021-07-31|language=en-US}}</ref> MOSAICS addresses the Department of Defense (DOD) operational need for cyber defense capabilities to defend critical infrastructure control systems from cyber attack, such as power, water and wastewater, and safety controls, affect the physical environment.<ref>{{Cite web|title=More Situational Awareness for Industrial Control Systems (MOSAICS): Engineering and Development of a Critical Infrastructure Cyber Defense Capability for Highly Context-Sensitive Dynamic Classes: Part 1 – Engineering – HDIAC|url=https://hdiac.org/articles/more-situational-awareness-for-industrial-control-systems-mosaics-engineering-and-development-of-a-critical-infrastructure-cyber-defense-capability-for-highly-context-sensitive-dynamic-classes-par/|access-date=2021-07-31|language=en-US}}</ref> The MOSAICS JCTD prototype will be shared with commercial industry through Industry Days for further research and development, an approach
== Industrial Cybersecurity Standards ==
| |||