The Influence Of NIST And Ir7628
Posted: Sun Dec 22, 2024 5:05 am
The National Institute of Standards and Technology (NIST) recently published NISTIR 7628 Revision 1, Guidelines for Smart Grid Cybersecurity in order to provide “a comprehensive framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of smart grid-related characteristics, risks, and vulnerabilities.”17 Though NIST guidelines don’t impose the regulatory oversight of NERC CIPs, they still have impact in the energy sector.
Though NERC is perhaps taken more seriously, NIST standards are regularly integrated into many cybersecurity platforms, and they may point the way that critical infrastructure protection is going. Opinions australia mobile number list free vary on NIST’s importance. Because compliance to NIST guidelines is voluntarily, there is no mandate for companies to follow them. Additionally, the energy market is extremely fragmented and many businesses don’t have adequate personnel or the necessary funding to implement a lot of NIST’s suggested actions related to cybersecurity.
Money is probably the biggest factor in whether or not companies will follow NIST or even NERC. Factoring in the hundreds of priorities energy businesses have, the budgetary impact of cybersecurity implementation often takes a backseat to what seem to be more pressing immediate concerns. Beyond its presence as a buzzword, the Framework is costly to integrate and often a budget does not exist for such expenses. Beyond that, many doubt that industrial control system vendors can provide working solutions that operate in tandem with products from other vendors. They are wary of involving third parties. Security professionals know what they need to do, but they don’t know where to find the budget and they are unsure of what technology to use to implement the good ideas NERC and NIST suggest.
Though NERC is perhaps taken more seriously, NIST standards are regularly integrated into many cybersecurity platforms, and they may point the way that critical infrastructure protection is going. Opinions australia mobile number list free vary on NIST’s importance. Because compliance to NIST guidelines is voluntarily, there is no mandate for companies to follow them. Additionally, the energy market is extremely fragmented and many businesses don’t have adequate personnel or the necessary funding to implement a lot of NIST’s suggested actions related to cybersecurity.
Money is probably the biggest factor in whether or not companies will follow NIST or even NERC. Factoring in the hundreds of priorities energy businesses have, the budgetary impact of cybersecurity implementation often takes a backseat to what seem to be more pressing immediate concerns. Beyond its presence as a buzzword, the Framework is costly to integrate and often a budget does not exist for such expenses. Beyond that, many doubt that industrial control system vendors can provide working solutions that operate in tandem with products from other vendors. They are wary of involving third parties. Security professionals know what they need to do, but they don’t know where to find the budget and they are unsure of what technology to use to implement the good ideas NERC and NIST suggest.