Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

The RIPE Experience

1.504 Aufrufe

Veröffentlicht am

Ralph Langner of The Langner Group at S4x15 OTDay.

Ralph explains how the RIPE framework and associated tools and templates can be used to implement and measure an ICS security program. This session was followed by a nuclear plant owner/operator who was implementing RIPE.

Veröffentlicht in: Technologie
  • Loggen Sie sich ein, um Kommentare anzuzeigen.

  • Gehören Sie zu den Ersten, denen das gefällt!

The RIPE Experience

  1. 1. The RIPE Experience RalphLangner TheLangnerGroup WashingtonDC|Hamburg|Munich
  2. 2. Axiom: ICSsecurityeffortsthatarenot integratedinacomprehensive proactiveprogramandstrategy, involvingempiricalverificationand metrics,areawasteoftimeand resources
  3. 3. RIPEFundamentals Generic&standardized Templates&checklists Metrics Continuousimprovement
  4. 4. WTFisRIPE? RIPE= R obust I ndustrialControlSystems P lanningand E valuation Aprocess-drivenapproachbasedon governance,verificationandmeasurement, andengineeringprinciples
  5. 5. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor ???Chasm PositionofRIPEtoexistingframeworks
  6. 6. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Rain Dance Traditionalapproach:Bringinginthewitchdoctor ???
  7. 7. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Methods & Templates RIPEapproach:Bringinginqualitymanagement Gover- nance & Metrics
  8. 8. PROPRIETARY Process-drivenApproach
  9. 9. Collective Intelligence Continuousimprovement Plant Floor Systems + Procedures Verify & Measure Analyze & Report Improved Instruments Deploy & Enforce Asset Owner or 3rd Party Langner 1Year Cycle
  10. 10. Cyber Security and Robustness Plant Planning & System Procurement System Inventory Network and Data Flow Diagrams Policies and SOPs Training Workforce Management FactorsaffectingICSsecurity
  11. 11. TheRIPEinstrumentstructure

×