Cybersecurity standard to affect critical industries

New standard might improve all industries, critical or not.

By Ian Verhappen, P.Eng.

In response to Executive Order (EO) 13636, NIST released version 1 of "Framework for Improving Critical Infrastructure Cybersecurity" in February 2014. It says the EO defines critical infrastructure as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters," which is certainly potentially a broad swath of industry. Critical infrastructure is commonly assumed to be utilities, emergency responders and similar, but it could and perhaps should include all forms of manufacturing, or at least those related to the energy industry and other hazardous goods.

The EO's  Framework model works somewhat like most risk management tools, developing a grid of functions (Core) versus compliance (Tiers) to determine your level of risk and compliance. A number of tools are available to assist with performing the analysis, and Table 2 in Appendix A includes a wide range of references for each of the identified functions and subcategories.

What, you may ask, does all this have to do with wireless?

To learn more about standards, read “New standards coming for cybersecurity of critical infrastructure” from Control.

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments