Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

The RIPE Experience

1.505 visualizaciones

Publicado el

Ralph Langner of The Langner Group at S4x15 OTDay.

Ralph explains how the RIPE framework and associated tools and templates can be used to implement and measure an ICS security program. This session was followed by a nuclear plant owner/operator who was implementing RIPE.

Publicado en: Tecnología
  • Inicia sesión para ver los comentarios

  • Sé el primero en recomendar esto

The RIPE Experience

  1. 1. The RIPE Experience RalphLangner TheLangnerGroup WashingtonDC|Hamburg|Munich
  2. 2. Axiom: ICSsecurityeffortsthatarenot integratedinacomprehensive proactiveprogramandstrategy, involvingempiricalverificationand metrics,areawasteoftimeand resources
  3. 3. RIPEFundamentals Generic&standardized Templates&checklists Metrics Continuousimprovement
  4. 4. WTFisRIPE? RIPE= R obust I ndustrialControlSystems P lanningand E valuation Aprocess-drivenapproachbasedon governance,verificationandmeasurement, andengineeringprinciples
  5. 5. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor ???Chasm PositionofRIPEtoexistingframeworks
  6. 6. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Rain Dance Traditionalapproach:Bringinginthewitchdoctor ???
  7. 7. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Methods & Templates RIPEapproach:Bringinginqualitymanagement Gover- nance & Metrics
  8. 8. PROPRIETARY Process-drivenApproach
  9. 9. Collective Intelligence Continuousimprovement Plant Floor Systems + Procedures Verify & Measure Analyze & Report Improved Instruments Deploy & Enforce Asset Owner or 3rd Party Langner 1Year Cycle
  10. 10. Cyber Security and Robustness Plant Planning & System Procurement System Inventory Network and Data Flow Diagrams Policies and SOPs Training Workforce Management FactorsaffectingICSsecurity
  11. 11. TheRIPEinstrumentstructure

×