Critical Infrastructure Protection at the Local Level: Water and Wastewater Treatment Facilities

"The increasing number of Industrial Control System (ICS) vulnerabilities, coupled with continuing revelations about ICS compromises, emphasizes the importance of securing critical infrastructure (CI) against cyber threats. The ability to adversely affect the operation of an ICS through cyberspace is exacerbated by increasing use of automations and implementation of common routing protocols to communicate with control devices. Local water treatment facilities are particularly vulnerable to this attack vector due to the need to manage key functions with minimal staff. Reacting to specific cyber risks without developing a holistic method to manage risk provides only a modicum of protection. This monograph demonstrates how focusing on risk management as a mitigation strategy, not individual risks, maximizes the security efforts at the local level. Some basic IT [information technology] security practices such as access control, physical security, and operations security can be applied to ICS security. However, determining which security controls to select and evaluating their effectiveness requires a process or framework that holistically considers risk across the enterprise. A risk management framework (RMF) allows an organization to assess risk in terms of impact to overall business operation, instead of assessing risks isolated to particular divisions within the organization. The National Institute of Standards and Technology (NIST) RMF, National Infrastructure Protection Plan (NIPP) RMF, and the NIST Cybersecurity for Critical Infrastructure are three complementary frameworks water facilities can employ to facilitate risk mitigation in a cost-effective way."

Public Domain
Retrieved From: Cyber Defense Review: http://cyberdefensereview.army.mil/
Media Type:
2018 International Conference on Cyber Conflict U.S. (CyCon U.S.). Washington DC. 14-15 Nov 2018.
