Regulations, Policies and Best Practices « Waterfall Security Solutions

Home Knowledge Regulations, Policies and Best Practices

Regulations, Policies and Best Practices

Regulatory authorities overseeing Critical Infrastructures and Utilities have shown a growing concern regarding Cyber Terror and Cyber Crime. As a direct result, regulations, policies and requirements (from NRC, NERC, NIST and others) are becoming stricter and more rigorous.

One area addressed by all of the various regulations and policies is connections of critical (e.g.: SCADA, DCS, Production, Industrial) networks and external (business, third party, public) networks. All of the regulations urge industrial users to keep their critical assets totally segregated from external networks in order to protect against cyber terror and cyber attacks. Users, however, need to achieve this level of segregation yet still provide staff access to industrial and operational data.

NERC

Critical National Infrastructure is under a constant, yet invisible, threat from cyber hacking and cyber terror attempts that are being launched from external networks. These attacks (mainly - from the Internet) are targeting industrial Process Control Networks (PCN), Supervisory Control and Data Acquisition (SCADA) Networks and lower level Distributed Control Systems (DCS) and Process Control Systems (PCS) networks. more

NRC & NIST 800.53

NRC RG 5.71, currently in its Draft Final Rule, spells out the requirements for a cyber security plan to be submitted by the licensees for the NRC’s review and approval. The licensee is required to “provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in Title 10 of the Code of Federal regulations (10CFR) Part73, Section 73.1.” more