Ralph Langner of The Langner Group at S4x15 OTDay.
Ralph explains how the RIPE framework and associated tools and templates can be used to implement and measure an ICS security program. This session was followed by a nuclear plant owner/operator who was implementing RIPE.
5. Position of RIPE to existing frameworks
Diagram labels: Practical Implementation; RG 5.71, NEI 08-09; 10 CFR 73.54; ISA, ISO, IEC; NIST CSF; NERC CIP; Req’s; Guidance; The conceptual “what” of ICS security; The practical “how” of ICS security; Real-world; Stakeholders; Actual architecture & behavior on the plant floor; ??? Chasm
6. Traditional approach: Bringing in the witch doctor
Diagram labels: Practical Implementation; RG 5.71, NEI 08-09; 10 CFR 73.54; ISA, ISO, IEC; NIST CSF; NERC CIP; Req’s; Guidance; The conceptual “what” of ICS security; The practical “how” of ICS security; Real-world; Stakeholders; Actual architecture & behavior on the plant floor; Rain Dance; ???
7. RIPE approach: Bringing in quality management
Diagram labels: Practical Implementation; RG 5.71, NEI 08-09; 10 CFR 73.54; ISA, ISO, IEC; NIST CSF; NERC CIP; Req’s; Guidance; The conceptual “what” of ICS security; The practical “how” of ICS security; Real-world; Stakeholders; Actual architecture & behavior on the plant floor; Methods & Templates; Governance & Metrics
10. Factors affecting ICS security
Diagram labels: Cyber Security and Robustness; Plant Planning & System Procurement; System Inventory; Network and Data Flow Diagrams; Policies and SOPs; Training; Workforce Management