Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

The RIPE Experience

1 501 vues

Publié le

Ralph Langner of The Langner Group at S4x15 OTDay.

Ralph explains how the RIPE framework and associated tools and templates can be used to implement and measure an ICS security program. This session was followed by a nuclear plant owner/operator who was implementing RIPE.

Publié dans : Technologie
  • Identifiez-vous pour voir les commentaires

  • Soyez le premier à aimer ceci

The RIPE Experience

  1. 1. The RIPE Experience RalphLangner TheLangnerGroup WashingtonDC|Hamburg|Munich
  2. 2. Axiom: ICSsecurityeffortsthatarenot integratedinacomprehensive proactiveprogramandstrategy, involvingempiricalverificationand metrics,areawasteoftimeand resources
  3. 3. RIPEFundamentals Generic&standardized Templates&checklists Metrics Continuousimprovement
  4. 4. WTFisRIPE? RIPE= R obust I ndustrialControlSystems P lanningand E valuation Aprocess-drivenapproachbasedon governance,verificationandmeasurement, andengineeringprinciples
  5. 5. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor ???Chasm PositionofRIPEtoexistingframeworks
  6. 6. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Rain Dance Traditionalapproach:Bringinginthewitchdoctor ???
  7. 7. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Methods & Templates RIPEapproach:Bringinginqualitymanagement Gover- nance & Metrics
  8. 8. PROPRIETARY Process-drivenApproach
  9. 9. Collective Intelligence Continuousimprovement Plant Floor Systems + Procedures Verify & Measure Analyze & Report Improved Instruments Deploy & Enforce Asset Owner or 3rd Party Langner 1Year Cycle
  10. 10. Cyber Security and Robustness Plant Planning & System Procurement System Inventory Network and Data Flow Diagrams Policies and SOPs Training Workforce Management FactorsaffectingICSsecurity
  11. 11. TheRIPEinstrumentstructure

×