NIST Releases Cybersecurity Framework

March 6, 2014
Following President Obama’s executive order and presidential policy directive on cybersecurity in February 2013, NIST has formally announced the initial version of the Framework for Improving Critical Infrastructure Cybersecurity.

National Institute of Standards and Technology (NIST) has released the first version of its Framework for Improving Critical Infrastructure Cybersecurity. Created through industry and government collaboration, the Framework consists of standards, guidelines, and practices to provide industry with a “prioritized, flexible, repeatable, and cost-effective approach to help owners and operators of critical infrastructure manage cybersecurity-related risk.”

In terms of how it impacts Automation World readers, the Department of Homeland Security identifies critical infrastructure as including the following industry types:
• Primary metal manufacturing;
• Machinery manufacturing;
• Electrical equipment, appliance and component manufacturing;
• Transportation equipment manufacturing;
• Chemical processing, including specialty, agricultural, pharmaceutical and consumer products chemicals;
• Defense industry;
• Electricity, petroleum and natural gas industries;
• Food and beverage processing and manufacturing; and
• Water/wastewater

Access the Department of Homeland Security’s list of identified critical infrastructure sectors.

The Framework is the result of Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD)-21:Critical Infrastructure Security and Resilience issued by President Obama in February 2013.

Following the announcement of the Framework’s release, Rockwell Automation endorsed it. “Rockwell Automation is honored to have actively contributed to the development of the Cybersecurity Framework that will help address cyber risks to critical infrastructure and manufacturing processes alike,” said Keith Nosbusch, chairman and CEO of Rockwell Automation. “This guideline provides a flexible structure that can help organizations improve information security protection programs to manage risks to industrial control and information systems."

The Department of Homeland Security's Critical Infrastructure Cyber Community C³ Voluntary Program was also formally announced at the time of the Framework’s release.  The Critical Infrastructure Cyber Community C³ (pronounced “C Cubed”) Voluntary Program is the coordination point within the Federal Government for critical infrastructure owners and operators interested in improving their cyber risk management processes. The C³ Voluntary Program aims to:
• Support industry in increasing its cyber resilience;
• Increase awareness and use of the Framework; and
• Encourage organizations to manage cybersecurity as part of an all hazards approach to enterprise risk management.

NIST also issued a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...