O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

The RIPE Experience

1.493 visualizações

Publicada em

Ralph Langner of The Langner Group at S4x15 OTDay.

Ralph explains how the RIPE framework and associated tools and templates can be used to implement and measure an ICS security program. This session was followed by a nuclear plant owner/operator who was implementing RIPE.

Publicada em: Tecnologia
  • Entre para ver os comentários

  • Seja a primeira pessoa a gostar disto

The RIPE Experience

  1. 1. The RIPE Experience RalphLangner TheLangnerGroup WashingtonDC|Hamburg|Munich
  2. 2. Axiom: ICSsecurityeffortsthatarenot integratedinacomprehensive proactiveprogramandstrategy, involvingempiricalverificationand metrics,areawasteoftimeand resources
  3. 3. RIPEFundamentals Generic&standardized Templates&checklists Metrics Continuousimprovement
  4. 4. WTFisRIPE? RIPE= R obust I ndustrialControlSystems P lanningand E valuation Aprocess-drivenapproachbasedon governance,verificationandmeasurement, andengineeringprinciples
  5. 5. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor ???Chasm PositionofRIPEtoexistingframeworks
  6. 6. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Rain Dance Traditionalapproach:Bringinginthewitchdoctor ???
  7. 7. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Methods & Templates RIPEapproach:Bringinginqualitymanagement Gover- nance & Metrics
  8. 8. PROPRIETARY Process-drivenApproach
  9. 9. Collective Intelligence Continuousimprovement Plant Floor Systems + Procedures Verify & Measure Analyze & Report Improved Instruments Deploy & Enforce Asset Owner or 3rd Party Langner 1Year Cycle
  10. 10. Cyber Security and Robustness Plant Planning & System Procurement System Inventory Network and Data Flow Diagrams Policies and SOPs Training Workforce Management FactorsaffectingICSsecurity
  11. 11. TheRIPEinstrumentstructure

×