Building an Effective Security Program for Distributed Energy Resources and Systems - Mariana Hentea
1.8.4 Cybersecurity Standards
Cybersecurity standards enable organizations to practice safe security techniques and to reduce the number of successful cybersecurity attacks. In general, the standards provide outlines as well as specific techniques for implementing cybersecurity functions. Appendix J includes a list of the most common acronyms used in the book.
Cybersecurity guidance is provided by national and international organizations. Standards are continuously developed and revised by different organizations, forums, and associations that are:
International – e.g. IEC, ISA, ISO, ITU, IETF, IEEE.
Consortium – e.g. SAE, OGC, ZigBee Alliance, HomePlug Alliance, Wi‐Fi Alliance, HomeGrid Forum, OASIS, ISF.
Regional and National – e.g. NIST, ANSI, NEMA, ASHRAE, NAISB.
DOE is working with NIST to enable manufacturers of products to use current cybersecurity guidance. In 2012, the DOE published a guideline for the risk management process [DOE 2012]. In the United States, NIST published standards that are mandatory for federal agencies as well as special publications that provide guidance for information system security for private industries. Examples of alliances include:
ZigBee.
Wi‐Fi.
HomePlug.
Powerline.
Z‐Wave.
Current activities in ICS security are supported by many standards, programs, organizations, forums, and associations such as:
American Gas Association (AGA) Standard 12, Cryptographic Protection of SCADA Communications.
American Petroleum Institute (API) Standard 1164, Pipeline SCADA Security.
Center for Control System Security at Sandia National Laboratories (SNL).
Chemical Sector Cyber Security Program.
Chemical Industry Data Exchange (CIDX).
DHS Control Systems Security Program (CSSP).
DHS CSSP Recommended Practices.
DHS Process Control Systems Forum (PCSF).
Electric Power Research Institute (EPRI).
Institute of Electrical and Electronics Engineers (IEEE).
Institute for Information Infrastructure Protection (I3P).
International Electrotechnical Commission (IEC) Technical Committees 65 and 57.
ISA99 Industrial Automation and Control Systems Security Standards.
ISA100 Wireless Systems for Automation.
International Council on Large Electric Systems (CIGRE).
LOGI2C – Linking the Oil and Gas Industry to Improve Cyber Security.
National SCADA Test Bed (NSTB).
NIST 800 Series Security Guidelines.
NIST Industrial Control System Security Project.
NIST Industrial Control Security Testbed.
North American Electric Reliability Council (NERC).
SCADA and Control Systems Procurement Project.
US‐CERT Control Systems Security Center (CSSC).