{"id":12023,"date":"2018-04-16T11:00:11","date_gmt":"2018-04-16T19:00:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/04\/16\/news-5792\/"},"modified":"2018-04-16T11:00:11","modified_gmt":"2018-04-16T19:00:11","slug":"news-5792","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/04\/16\/news-5792\/","title":{"rendered":"Cyber-nationalism in Cybersecurity Standards"},"content":{"rendered":"<p><strong>Credit to Author: Daniel Desruisseaux| Date: Mon, 16 Apr 2018 12:00:12 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-47010\" src=\"https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/03\/42-26606889_cybersecurity_AT.jpg\" alt=\"\" width=\"842\" height=\"596\" srcset=\"https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/03\/42-26606889_cybersecurity_AT.jpg 842w, https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/03\/42-26606889_cybersecurity_AT-300x212.jpg 300w, https:\/\/blog.schneider-electric.com\/wp-content\/uploads\/2018\/03\/42-26606889_cybersecurity_AT-768x544.jpg 768w\" sizes=\"auto, (max-width: 842px) 100vw, 842px\" \/>There are a variety of global standards that have been created to provide guidance to <a href=\"https:\/\/www.schneider-electric.com\/en\/work\/products\/automation-and-control.jsp\">Industrial Control System<\/a> (ICS) vendors and end users attempting to secure systems.\u00a0 Examples include ISA\/IEC 62443, and ISO\/IEC 15408.\u00a0 Many countries are utilizing these globally accepted standards to define ICS cybersecurity requirements.\u00a0 Several countries have begun to create independent cybersecurity requirements.\u00a0 Some examples include:<\/p>\n<ul>\n<li>China \u2013 GB\/T 22239 defines cybersecurity requirements for critical infrastructure.<\/li>\n<\/ul>\n<ul>\n<li>Russia \u2013 The Russian federation has defined FSTEK Order 31 and 187-FZ cybersecurity 
regulations.<\/li>\n<\/ul>\n<ul>\n<li>US \u2013 The US has not defined country-specific requirements, but has created standards for specific industrial segments. NERC-CIP, for example, is applicable to electrical utilities.\u00a0 NIST standards provide cybersecurity guidance, but are not required.<\/li>\n<\/ul>\n<ul>\n<li>Europe \u2013 The European Union is in the process of defining cybersecurity requirements through the ENISA agency.<\/li>\n<\/ul>\n<ul>\n<li>France \u2013 The French information security agency (ANSSI) developed the CSPN certification for products sold into France. Germany and the Netherlands are also in the process of creating similar requirements.<\/li>\n<\/ul>\n<p>The creation of cybersecurity regulations is a positive thing as it will help to improve solution security.\u00a0 Implementation of a variety of disparate standards may impact product time to market and cost, particularly if the documents do not converge on the requirements or certification schemes.\u00a0 Let\u2019s consider an example to illustrate the point.<\/p>\n<p>Let\u2019s assume an ICS vendor is planning a new product.\u00a0 The development team would have to ensure that it has obtained the latest version of each national requirements document to create the product specification.\u00a0 New ICS platforms can have multi-year development cycles, which introduces risk that national regulations could change during the development cycle.\u00a0 Some countries require verification using in-country certification labs &#8211; the vendor may have to send products to different certification labs.\u00a0 Regulations may also require that encryption keys be provided to nation states, which would result in country-specific offers.\u00a0 Countries can also push for inclusion of requirements that favor domestic products.\u00a0 This could impact companies who attempt to sell a solution.\u00a0 Assume for example that an ICS vendor must certify a solution that favors firewalls from each host 
country.\u00a0 Note that countries can also create requirements for different industrial segments \u2013 critical infrastructure vs. traditional manufacturing environments which can further complicate things.<\/p>\n<p>In conclusion, adding cybersecurity features at the product and solution level is a good thing.\u00a0 The creation of a variety of independent standards could negatively impact product cost and time to market \u2013 it is preferable to drive towards the harmonization of requirements or the adoption of international standards like IEC62443.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.schneider-electric.com\/cyber-security\/2018\/04\/16\/cyber-nationalism-in-cybersecurity-standards\/\">Cyber-nationalism in Cybersecurity Standards<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.schneider-electric.com\">Schneider Electric Blog<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.schneider-electric.com\/cyber-security\/2018\/04\/16\/cyber-nationalism-in-cybersecurity-standards\/\" target=\"bwo\" >http:\/\/blog.schneider-electric.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Daniel Desruisseaux| Date: Mon, 16 Apr 2018 12:00:12 +0000<\/strong><\/p>\n<p>There are a variety of global standards that have been created to provide guidance to Industrial Control System (ICS) vendors and end users attempting to secure systems.\u00a0 Examples include ISA\/IEC&#8230;  <a href=\"https:\/\/blog.schneider-electric.com\/cyber-security\/2018\/04\/16\/cyber-nationalism-in-cybersecurity-standards\/\" title=\"ReadCyber-nationalism in Cybersecurity Standards\">Read more &#187;<\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.schneider-electric.com\/cyber-security\/2018\/04\/16\/cyber-nationalism-in-cybersecurity-standards\/\">Cyber-nationalism in Cybersecurity Standards<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.schneider-electric.com\">Schneider Electric 
Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[12389,12388],"tags":[13177,12608,4500,17984,16434,12667,12508],"class_list":["post-12023","post","type-post","status-publish","format-standard","hentry","category-scadaics","category-schneider","tag-cyber-attacks","tag-cyber-security","tag-cybersecurity","tag-cybersecurity-standards","tag-iec-62443","tag-industrial-control-systems","tag-machine-and-process-management"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12023"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12023\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12023"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}