In response to Executive Order (EO) 13636, NIST released version 1 of "Framework for Improving Critical Infrastructure Cybersecurity" in February 2014. It says the EO defines critical infrastructure as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters," which is certainly potentially a broad swath of industry. Critical infrastructure is commonly assumed to be utilities, emergency responders and similar, but it could and perhaps should include all forms of manufacturing, or at least those related to the energy industry and other hazardous goods.
The EO's Framework model works somewhat like most risk management tools, developing a grid of functions (Core) versus compliance (Tiers) to determine your level of risk and compliance. A number of tools are available to assist with performing the analysis, and Table 2 in Appendix A includes a wide range of references for each of the identified functions and subcategories.
What, you may ask, does all this have to do with wireless?
To learn more about standards, read “New standards coming for cybersecurity of critical infrastructure” from Control.
