[adsanity align='alignnone' id=144278]
44.8 F
Washington D.C.
Friday, March 1, 2024
[adsanity align='alignnone' id=176381]

CISA, NIST Issue Critical Infrastructure Control Systems Cybersecurity Performance Goals

DHS will coordinate with its interagency and private sector partners to determine the applicability of the enhanced objectives within each sector.

On Wednesday, July 28, 2021, the President signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. The National Security Memorandum establishes a voluntary initiative intended to drive collaboration between the Federal Government and the critical infrastructure community to improve cybersecurity of control systems.  It instructs the Department of Homeland Security (DHS) to lead the development of preliminary cross-sector control system cybersecurity performance goals as well as sector-specific performance goals within one year of the date of the National Security Memorandum. These goals are intended to provide a common understanding of the baseline security practices that critical infrastructure owners and operators should follow to protect national and economic security, as well as public health and safety.

“Today, we are delivering on the first step of the President’s National Security Memorandum (NSM) objectives to strengthen the cybersecurity of our Nation’s critical infrastructure control systems,” Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo said a joint statement. “DHS’s Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the Department of Commerce’s National Institute of Standards and Technology (NIST), developed preliminary cybersecurity performance goals based on nine categories of best practices. These goals are part of a long overdue, whole-of-government effort to meet the scale and severity of the cybersecurity threats facing our country. It is vital that critical infrastructure owners and operators immediately take steps to strengthen their cybersecurity posture toward these high-level goals. The safety and security of the American people relies on the resilience of the companies that provide essential services such as power, water, and transportation. We look forward to further engaging with key industry stakeholders to promote these efforts to protect our national and economic security.”

To inform the development of the cross-sector performance goals, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) conducted an initial crosswalk of available control system resources and recommended practices that were produced by the government and the private sector. The crosswalk focused on the following documents:

After reviewing the documents listed above, CISA and NIST identified nine categories of recommended cybersecurity practices and used these categories as the foundation for preliminary control system cybersecurity performance goals. Each of the nine goals includes specific objectives that support the deployment and operation of secure control systems that are further organized into baseline and enhanced objectives.

Baseline objectives represent recommended practices for all control system operators while the enhanced objectives include practices for critical infrastructure supporting national defense; critical lifeline sectors (i.e. energy, communications, transportation, and water); or where failure of control systems could have impacts to safety. DHS will coordinate with its interagency and private sector partners to determine the applicability of the enhanced objectives within each sector. In addition to the objectives, Example Evidence of Implementation is provided for each objective to demonstrate what successful implementation of an objective might entail for an organization. Successfully implementing all baseline objectives would equate to successful implementation of a goal.

It is important to note that while all of the goals outlined in this document are foundational activities for effective risk management, they represent high-level cybersecurity best practices.  Implementation of the goals and objectives listed here is not an exhaustive guide to all facets of an effective cybersecurity program.  These preliminary goals and objectives were developed and refined with as much interagency and industry input as practical for the initial timeline using existing coordinating bodies.  DHS expects to conduct much more extensive stakeholder engagement as the goals are finalized in the coming months.

Read more at CISA

Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

[adsanity align='alignnone' id=178352]

Latest Articles