NIST Releases Important Update on Cybersecurity for Industrial Control Systems

Posted on December 14, 2015 by

Updated link to NIST Guide to Industrial Control SystemsMost of us have heard the alarms about cyber threats and the vulnerabilities of US factories, electric utilities, the petroleum industry and other vital parts of our infrastructure. If you’re concerned or working on this issue, you may want to look at an update to the Guide to Industrial Control Systems [ICS] Security issued this afternoon by the Commerce Department’s National Institute of Standards and Technology.  

The report makes an important distinction about cybersecurity when it comes to ICS. The biggest difference is what can happen. While our focus always must be on IT security, industrial control systems pose unique issues not faced in most IT environments. If responses to an ICS attack fail to address it in real-time and almost immediately, people can be injured or killed and the environment can suffer extreme harm.  

Most cybersecurity damage comes in the forms of loss of privacy or cash. We usually face complex tasks of analyzing what happened, what agencies and third parties must be notified, what protections to implement, and how to defend litigation. They are serious enough, but what can happen when ICS is attacked is another order of magnitude.

 Industrial control systems last far longer than most IT. ICS often involves legacy systems lacking password protection, error logs, and can’t be encrypted. They frequently are proprietary systems understood only by skilled specialists who work on particular industry control systems and nothing else.

One of the major additions in this update is a new ICS overlay for utilities, chemical companies, food manufacturers, and automakers. An executive overview introduces the full 247 report titled NIST Special Publication 800-82 Revision 2. Public comment periods are set and feedback is requested.  

Living in an era of constant threats, it makes sense to have someone invest time in this update at most organizations with substantial industrial control systems. As soon as the report was released I sent it to my son who is a chemical engineer and has worked on control systems at refineries around the world. He knows how fast and how bad things can get. If you read this far, you probably do too.

 

 

 

NIST Guide to Industrial Control Systems

About Craig Pinkus

Craig Pinkus is a partner in the Intellectual Property Group. He also is a member of the Litigation and the Sports, Entertainment and Media Groups. He assists clients with a broad range of disputes and transactions involving all areas of intellectual property, entertainment, and other complex business arrangements. He has conducted trials and arbitrations throughout the United States and has argued appeals before the Seventh, Sixth and Federal Circuit Courts of Appeal, the Indiana appellate courts, and United States Supreme Court.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s