NIST Releases Cybersecurity Framework

March 6, 2014
Following President Obama’s executive order and presidential policy directive on cybersecurity in February 2013, NIST has formally announced the initial version of the Framework for Improving Critical Infrastructure Cybersecurity.

National Institute of Standards and Technology (NIST) has released the first version of its Framework for Improving Critical Infrastructure Cybersecurity. Created through industry and government collaboration, the Framework consists of standards, guidelines, and practices to provide industry with a “prioritized, flexible, repeatable, and cost-effective approach to help owners and operators of critical infrastructure manage cybersecurity-related risk.”

In terms of how it impacts Automation World readers, the Department of Homeland Security identifies critical infrastructure as including the following industry types:
• Primary metal manufacturing;
• Machinery manufacturing;
• Electrical equipment, appliance and component manufacturing;
• Transportation equipment manufacturing;
• Chemical processing, including specialty, agricultural, pharmaceutical and consumer products chemicals;
• Defense industry;
• Electricity, petroleum and natural gas industries;
• Food and beverage processing and manufacturing; and
• Water/wastewater

Access the Department of Homeland Security’s list of identified critical infrastructure sectors.

The Framework is the result of Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD)-21:Critical Infrastructure Security and Resilience issued by President Obama in February 2013.

Following the announcement of the Framework’s release, Rockwell Automation endorsed it. “Rockwell Automation is honored to have actively contributed to the development of the Cybersecurity Framework that will help address cyber risks to critical infrastructure and manufacturing processes alike,” said Keith Nosbusch, chairman and CEO of Rockwell Automation. “This guideline provides a flexible structure that can help organizations improve information security protection programs to manage risks to industrial control and information systems."

The Department of Homeland Security's Critical Infrastructure Cyber Community C³ Voluntary Program was also formally announced at the time of the Framework’s release.  The Critical Infrastructure Cyber Community C³ (pronounced “C Cubed”) Voluntary Program is the coordination point within the Federal Government for critical infrastructure owners and operators interested in improving their cyber risk management processes. The C³ Voluntary Program aims to:
• Support industry in increasing its cyber resilience;
• Increase awareness and use of the Framework; and
• Encourage organizations to manage cybersecurity as part of an all hazards approach to enterprise risk management.

NIST also issued a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.

Sponsored Recommendations

Understanding and Using E-Stops

E-stops, or emergency stop switches, are used to ensure machine as well as personnel safety. They are used to provide a consistent and predictable failsafe response on a wide ...

Demystifying motor disconnect switches: What are they and how are they used?

From conveyor belts to drum mixers, motors are used in virtually every industrial application to drive machinery. Equipment downtime is the main motivation behind monitoring and...

Full Line of DIN Rail Terminal Blocks Video

Altech offers an extensive line of DIN Rail Terminal Blocks including all major Connection Technologies available in the industry to meet requirements for a vast variety of applications...

The Value of Integrating DIN Rail Cylindrical Fuse Holders Into Your Designs

What short circuit currents do I have to consider when purchasing a DIN rail cylindrical fuse holder? That data is available from the manufacturer. For example, Altech cylindrical...