Revision as of 12:55, 27 December 2024 edit Mmu12345 (talk \| contribs) 23 edits →Automation and Control System Cybersecurity Standards: corrected information about IEC 62443 Tag: Visual edit ← Previous edit		Revision as of 11:40, 11 May 2025 edit undo Citation bot (talk \| contribs) Bots 5,871,142 edits Altered template type. Add: date, work, magazine, authors 1-1. Removed parameters. Some additions/deletions were parameter name changes. \| Use this bot. Report bugs. \| Suggested by Abductive \| Category:Computer security procedures \| #UCB_Category 34/72 Next edit →
Line 14: * Demand for Remote Access - 24x7 access for engineering, operations or technical support increases the attack surface, possibly leading to more insecure or rogue connections. * Increased awareness and understanding of industrial systems - As more and more people become aware of these systems, the strategy of [[Security through obscurity\|Security Through Obscurity]] is no longer viable. * Although the cyber threats and attack strategies on automation systems are changing rapidly, regulation of industrial control systems for security is rare and is a slow-moving process. The United States, for example, only does so for the [[nuclear power in the United States\|nuclear power]] and the [[chemical industry\|chemical industries]].<ref name="gross201104">{{cite ~~web~~magazine\|url=http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104\|title=A Declaration of Cyber-War\|author=Gross, Michael Joseph~~\|first=~~\|date=2011-04-01\|~~work~~magazine=Vanity Fair\|publisher=Condé Nast\|archiveurl=https://web.archive.org/web/20140713082739/http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104\|archivedate=2014-07-13\|accessdate=2017-11-29~~\|df=~~}}</ref> == Government efforts == Line 41: {{Main\|National Institute of Standards and Technology}} Although it is not a standard, the [[NIST Cybersecurity Framework]] (NIST CSF) provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes. It is intended to help private sector organizations that provide [[critical infrastructure]] with guidance on how to protect it.<ref>{{cite web \| url=https://www.nist.gov/cyberframework/ \| title=NIST Cybersecurity Framework \| work=NIST \| date=12 November 2013 \| accessdate=2016-08-02 }}</ref> NIST Special Publication 800-82 Rev. 2 "''Guide to Industrial Control System (ICS) Security''" describes how to secure multiple types of Industrial Control Systems against cyber attacks while considering the performance, reliability, and safety requirements specific to ICS.<ref>{{cite ~~web~~journal \| ~~last~~last1=Stouffer \| ~~first~~first1=Keith \| last2=Lightman \| first2=Suzanne \| last3=Pillitteri \| first3=Victoria \| last4=Abrams \| first4=Marshall \| last5=Hahn \| first5=Adam \| title=Guide to Industrial Control Systems (ICS) Security \| website=CSRC \| NIST \| date=2015-06-03 \| doi=10.6028/NIST.SP.800-82r2 \| url=https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final \| access-date=2020-12-29}}</ref> == Control system security certifications ==

Control system security: Difference between revisions