NIST SP 800-82 - Industrial Control Systems Cybersecurity Framework

What is the NIST SP 800-82 Framework?

 

The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed assistance regarding how to protect Industrial Control Systems (ICS), that are commonly used in the electric, water and wastewater, oil and natural gas, pulp and paper, pharmaceutical, chemical, food and beverage, as well as discrete manufacturing (aerospace, automotive and durable goods) such as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), addressing their specific performance, reliability, and security specifications. The framework offers a summary of common system topologies and ICS. 

 

ICS defines potential risks and weaknesses in such systems, and suggests cybersecurity measures to reduce the potential risks.

 

The most recent version, NIST Special Publication 800-82 Revision 2, was released June 10, 2015.
 

What are the requirements for the NIST 800-82 framework?

 

The following  are some insights to the Industrial Control Systems that the NIST 800-82 framework secures:

 

Major ICS Security Objectives

 

  • Restrict logical access to the ICS network and network activity 

  • Restrict physical access to the ICS network and devices 

  • Protect individual ICS components from exploitation 

  • Maintain functionality during adverse conditions 

  • Deploy security solution based on potential impact

 

ICS security control Overlay

 

ICS overlay provides tailored NIST SP 800-53, Rev 4 security control baselines for Low, Moderate, and High impact ICS and adds supplementary guidance specific to ICS.

 

The ICS overlay is intended to be applicable to all ICS systems in all industrial sectors. Further tailoring can be performed to add specificity to a particular sector (e.g., manufacturing).

 

The Security controls are organized into three classes: management, operational, and technical controls. 

Each class is broken into several families of controls, and each control contains a definition of the control, supplemental guidance, and possible enhancements that will increase the strength of a basic control.

 

In addition, NIST also focuses on network security architecture for ICS deployment that includes:

 

  • Network Segmentation and Segregation 

  • Boundary Protection 

  • Firewalls 

  • Specific ICS Firewall Issues: Remote Access 

  • Preventing Man-in-the-Middle Attacks 

  • Authentication and Authorization

 

ICS Security Program Development and Deployment

Integrating security into an ICS effectively necessitates the development and implementation of a robust security program that addresses every aspect of security, from defining objectives to day-to-day operation and ongoing auditing for compliance and improvement.

 

The basic process for developing a security procedure, include the following:

 

  • Acquire senior management buy-in

  • Build and train a cross-functional team

  • Specify charter and scope

  • Specify specific ICS policies and procedures

  • Classify and inventory ICS assets

  • Conduct a risk and vulnerability analysis

  • Specify the mitigation controls

  • Provide training and raise security awareness for ICS staff 

Why should you be NIST SP 800-82 compliant?

 

NIST SP 800-82 assists industries in reducing the vulnerability of computer-controlled platforms to cyber attacks, equipment breakdown, as well as other risks through offering advice on how to adapt traditional IT security controls to cater unique ICS performance, safety requirements and reliability.

Strengthening security in ICS systems is critical, especially since cyber attacks (such as DOS attacks, worms, viruses, etc.) have become very common and the risk has become very high.

The consequences of a cyber incident can be severe, particularly in the following areas:

 

Physical status: 

The most severe type of loss is that caused by a physical incident, which can result in human injury or even death. The environment may be harmed as well, and data may be lost.

 

Economic status: 

A cyber incident involving the operational level of the systems might prevent continued work for a short or long period of time, resulting in economic loss and, on a larger scale, potentially leading to global economic loss.

 

Social status: 

Incidents involving a security breach or a safety hazard could have long-term repercussions for investors, including all staff, stockholders, clients, suppliers and the neighborhoods in which an organization functions. Their social reputation will suffer, and word will spread about the organization's flaws worldwide.
 

How to achieve compliance?

To achieve the goals of an ICS program, a collaborative cybersecurity team is required. According to the NIST, the cybersecurity team should consist of IT professionals, a control engineer and system operator, a system and network security expert, a partner in the leadership team, and a member of the physical security unit. The team should communicate with the system vendor and the project developer. The team should also work closely with site management and the CIO or CSO, who is ultimately responsible for every incident affecting plant procedures. This is where Centraleyes provides tremendous ease and real-time risk management to your organization, CIO and CSO. 

Centraleyes meets the NIST 800-82 framework for companies protecting their ICS by providing streamlined, automated data collection and analysis, prioritized remediation guidance, and real-time customized scoring.

In addition, Centraleyes has mapped NIST 800-82 back to its control inventory allowing to share data across multiple frameworks through the platform, which saves valuable time and money and supports more accurate data. Organizations will gain complete insight into their cyber risk levels and compliance using the Centraleyes platform.