NIST issues final version of industrial control systems security guide

Guide to help critical infrastructure managers secure their industrial systems


The National Institute of Standards and Technology (NIST) announced this week that it has issued the fine version of its "Guide to Industrial Control Systems Security."

According to a statement, the guide, which was finalized after three rounds of public review and comment, is intended to help managers of critical infrastructure secure their systems while also addressing "their unique performance, reliability and safety requirements."

Industrial control systems, according to NIST, include supervisory control and data acquisition (SCADA) systems, distributed control systems and programmable logic controllers.

Due to the integration of Internet-enabled devices with industrial control systems, NIST says that securing these systems requires adaptions and extensions of its standards and guidelines for IT systems only, which the new guide covers.

"Securing an industrial control system requires a proactive, collaborative effort that engages cyber security experts, control engineers and operators and other experts and experienced workers," NIST mechanical engineer and lead author Keith Stouffer said in the statement. "It also requires factoring in—and addressing—new risks introduced by the evolving 'smart' electric power grid."

To download the free, 155-page guide, visit http://csrc.nist.gov/index.html.