This publication and the abstract below were published by US-CERT in 2015. ICIT strongly encourages you to visit the US-CERT Publication Library to search for additional information security resources which are freely available.
Dams Sector Cybersecurity Framework Implementation Guidance
The National Institute of Standards and Technology (NIST) released the voluntary Framework for Improving Critical Infrastructure Cybersecurity (Framework) in February 2014 to provide a common language that critical infrastructure organizations can use to assess and manage their cybersecurity risk. The Framework enables an organization—regardless of its sector, size, degree of risk, or cybersecurity sophistication—to apply the principles and effective practices of cyber risk management to improve the security and resilience of its critical infrastructure. It recommends an approach that enables organizations to prioritize their cybersecurity decisions based on individual business needs without additional regulatory requirements.
Given the broad nature of the Framework, organizations cannot simply be “compliant” with the Framework or “adopt” it. Organizations have unique cybersecurity risks, including different threats, vulnerabilities, and tolerances, all of which affect benefits from investing in cybersecurity risk management. Rather, organizations must apply the principles, best practices, standards, and guidelines to their specific context and implement practices based on their own needs. The Dams Sector embraces the flexibility the Framework offers. The U.S. Department of Homeland Security (DHS), as the Sector-Specific Agency (SSA), worked with the Dams Sector Coordinating Council (SCC) and Government Coordinating Council (GCC) to develop this Implementation Guidance specifically for Dams Sector owners and operators. This Implementation Guidance provides Dams Sector organizations with:
• Background on the Framework terminology, concepts, and benefits of its use;
• A mapping of existing cybersecurity tools and resources used in the Dams Sector that can support Framework implementation; and
• Detailed Framework implementation steps tailored for Dams Sector owners and operators.