Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software and SAGScore™...

  • Jul 31, 2020

I think everyone that reads my materials knows that I am a BIG believer in the NIST Cybersecurity Framework V 1.1. This short article from NIST's Ron Ross contains some insights and guidance, which I found useful. Here are my key take-aways:

- In today’s cyber environment, diverse and highly skilled adversaries, including nation-states, transnational groups, and criminal gangs, are seeking to subvert our critical systems such as the power grid.

- The National Security Agency (NSA) and the Department of Homeland Security (DHS) recently issued an alert recommending that all asset owners and operators of critical infrastructure take immediate steps to reduce exposure across their operational technologies and control systems. [RJB: Alerts from CISA and NSA are meant to protect us, not scare us. Take these alerts seriously; these are trusted organizations with ground truth.]

- NIST has resources that can help our critical infrastructure sectors as they implement the recommendations from NSA and DHS. NIST provides Industrial Control Systems (ICS) security guidance and state-of-the-practice security controls to help organizations implement many of these recommendations along with practical example solutions.

- NIST also has extensive guidance on developing cyber resilient systems, capable of addressing attacks from Advanced Persistent Threats.

- But what about the long-term solution for protecting critical systems in an era of complex systems, hyper connectivity, and cyber-physical convergence? NIST, along with its agency partners and industry, is working on that. In addition to the resources listed above, the following references may also be useful to help ensure that critical systems have the appropriate levels of protection, assurance, and resiliency to facilitate trust in those systems.

In addition to the linked article below, I highly recommend watching the SNG Cybersecurity Virtual session from 7/22: https://www.fedscoop.com/events/snglive/cybersecurity-july/
