ethernautics

IT Solutions Architects and Cyber Security Engineering

Ethernautics, Inc. – Meissner: Cyber Security Standards, Best Practices and PRADL for Water Utilities

Ethernautics, Inc.


Mr. Michael W Meissner has extensive experience with cyber security as it relates to critical infrastructures, and extensive skill with industry best practice and regulatory compliance. Mr. Meissner has consolidated a list of referenced standards to give the industry more detailed information on the steps necessary to implement the recommended cyber security controls. Specific references to existing NIST, AWWA, and ISA standards are provided. The references give the specific paragraph or section number in the referenced standard in which the applicable information can be found. The following table lists the referenced standards and best practices:

| Abbreviation | Name | Description |
| --- | --- | --- |
| DHS-CAT | U.S. Department of Homeland Security (DHS) Catalog of Control Systems Security: Recommendations for Standards Developers | A body of recommended practices across industries and agencies to prevent cyber-attacks. |
| DHS DID | DHS Recommended Practice: Improving Industrial Control Systems Cyber security with Defense-In-Depth Strategies | A body of recommended practices specific to ICS and emphasizing Defense in Depth Strategies. |
| NIST 800-82 | National Institute of Standards and Technology (NIST) SP800-82 Guide to Industrial Control Systems (ICS) Security | The canonical standard for ICS systems. |
| NIST 800-53 | NIST SP800-53 Rev. 3 with Appendix I Recommended Security Controls for Federal Information Systems and Organizations | A comprehensive framework of controls to be used to create complex security controls and monitoring systems. |
| NIST 800-34 | NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems | Instructions and recommendations to implement short term recovery of damaged systems after an attack. |
| NIST 800-124 | NIST Special Publication 800-124r1 Guidelines for Managing the Security of Mobile Devices in the Enterprise | Considerations and guidelines for the implementation of mobile systems |
| ANSI/AWWA G430-09 | Security Practices for Operations and Management | Considerations and guidelines for the implementation of action for security of PCS systems. |
| *ANSI/AWWA G440-11 | Emergency Preparedness Practices | Considerations and guidelines for the implementation of action for security of PCS systems. |
| *ANSI/AWWA J100-10 | Risk and Resilience Management for Water and Wastewater Systems | Considerations of response and recovery actions that may include cyber-attack scenario. |
| *WRF/EPA/AWWA | Business Continuity Planning for Water Utilities | Considerations of disaster response plan for critical business enterprise systems including IT and PCS. |
| ISA-62443 | ISA-99: Industrial Automation and Control Systems Security, ANSI/ISA 99 | Considerations and guidelines for the implementation of PCS systems |
| ISO/IEC 27K | ISO/IEC 27000-27007 + 15408: Information technology – Security techniques – Code of practice for information security management (formerly ISO/IEC 17799:2000) | A certifiable framework to implement security programs. |
| ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems | Information technology — Security techniques — Information security management systems — Requirements |
| EPA Cyber Security 101 for Water Utilities | EPA Cyber Security 101 | EPA Cyber Security 101 |
| AWWA Cyber Security Roadmap | Water Security Roadmap to Secure Control Systems in the Water Sector | AWWA |
| Water Information Sharing and Analysis Center | Water Information Sharing and Analysis Center (WaterISAC): | WaterISAC |
| The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) | U.S. Department of Homeland Security, Control Systems Security Programs (CSSP): | http://www.us-cert.gov/control_systems |
| ICS-CERT – Assessments | CSSP's Cyber Security Evaluation Tool (CSET) | http://us-cert.gov/control_systems/satool.html |
| EPA Water Sector Cyber Security 101 | EPA Support for Key Features of an Active and Effective Protective Program | EPA Water Cyber Security Information |
| ANSI/AWWA G430: Security Practices for Operations and Management | ANSI/AWWA G430: Security Practices for Operations and Management | http://www.awwa.org/legislation-regulation/issues/utility-security.aspx#2801242-cybersecurity |
| Process Control System Security Guidance for the Water Sector | Process Control System Security Guidance for the Water Sector | AWWA Cyber Security Guide.pdf |
| AWWA Water Sector Cyber Security | AWWA And the Water Sector and Chemical Security | AWWA Water Sector Cyber Security.pdf |

Information

This entry was posted on July 9, 2015 by in Uncategorized.