Cyber Research Center - Industrial Control Systems - CRC-ICS

Cyber Essentials: a Government-backed, Industry-supported Scheme

Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks. The UK government has worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls for organisations to use. The full scheme, launched on 5 June 2014, enables organisations to gain 1 of 2 new Cyber Essentials badges. It is backed by industry, including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses.

The Cyber Essentials Requirements document sets out the necessary technical controls. The Assurance Framework shows how the independent assurance process works and the different levels of assessment organisations can apply for to achieve the badges. It also contains guidance for security professionals carrying out the assessments.


From 1 October 2014, the government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme.

Cyber Essentials Documents

Cyber Essentials Scheme: Summary

Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks

Cyber Essentials Scheme: Assurance Framework

Ref: BIS/15/72/ PDF, 546KB, 12 pages

http://www.cyberessentials.org/

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Standards

NERC Reliability Standards are developed using an industry-driven, ANSI-accredited process that ensures the process is open to all persons who are directly and materially affected by the reliability of the North American bulk power system; is transparent to the public; demonstrates the consensus for each standard; fairly balances the interests of all stakeholders; provides for reasonable notice and opportunity for comment; and enables the development of standards in a timely manner. The Critical Infrastructure Protection (CIP) standards are mandatory for North America.

ISA99/IEC62443 Industrial Automation and Control Systems Security Standards

Industrial Automation and Control Systems Security

The ISA99 standards development committee brings together industrial cyber security experts from across the globe to develop ISA standards on industrial automation and control systems security. This original and ongoing ISA99 work is being utilized by the International Electrotechnical Commission in producing the multi-standard IEC 62443 series.
For the latest information on ISA99 and the ongoing development of the ISA/IEC 62443 series of standards on the cyber security of industrial automation and control systems, please visit: ISA99 Wiki.

US National Institute of Standards and Technology (NIST) Critical Infrastructure Cyber Security Framework

Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. The Order directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. Latest Update to Industry: 23 February 2016 is the new deadline for request for information (RFI) responses to "Views on the Framework for Improving Critical Infrastructure Cybersecurity."