We had recently posted about the NIST 800-82 Special Publication Revision 2 being updated and the draft version being published. Now this draft has been formally approved and hence now we have a full version available for implementation by stakeholders such as Asset Owners, Engineering Design Consultants, Contractors, Automation vendors, OT Cybersecurity professionals and any other persons or organizations who need to be aware of OT Cybersecurity.
What is NIST SP 800-82?
The National Institute of Standards and Technology (NIST) that is a part of the US Department of Commerce, has published various guidelines and good practices regarding Cybersecurity, including OT cybersecurity. The document that deals with OT cyber security is NIST 800-82. The current version is Revision 3. It is referred to as NIST 800-82 Rev 3 or as NIST SP 80082 rev3
What are the differences between NIST SP 800-82 Rev 2 and NIST SP 800 82 Rev 3?
The scope has expanded from Industrial Control Systems to all systems that use Operational Technology (OT). These OT systems are cyber-physical systems, which means that they monitor or control physical objects or parameters, unlike IT systems that only manipulate data.
OT systems are critical because they can be attacked in order to cause physical events including but not limited to fires, explosions, toxic gas releases, loss of containment that may result in asset damage, injuries to people and environmental damage, Note that a cyber attack on a pure IT system can only result in loss of data, or confidentiality or data theft, without any physical damage.
The new document has expanded in scope from industrial control systems (ICS) to operational technology (OT). Changes include:
-
-
- Updates to OT threats and vulnerabilities
- Updates to OT risk management, recommended practices, and architectures
- Updates to current activities in OT security
- Updates to security capabilities and tools for OT
- Additional alignment with other OT security standards and guidelines, including the Cybersecurity Framework
- New tailoring guidance for NIST SP 800-53, Rev. 5 security controls
- An OT overlay for NIST SP 800-53, Rev. 5 security controls that provides tailored security control baselines for low-, moderate-, and high-impact OT systems
-
Where can I learn more about OT cybersecurity?
You can browse around our website for free OT cybersecurity information including those related to standards such as IEC 62443 and NIST 800-82. If you would like to take a great OT Cybersecurity training program then you can consider the Abhisam CICP Course (Certified Industrial Cybersecurity Professional). Taking the course and passing the associated exam earns you a Certificate of Competency in Industrial Cybersecurity, the title of CICP that you can append after your name and an electronic badge that can be displayed on your LinkedIn profile.
Note that unlike other courses, this has holistic OT cyber security content and not just IEC 62443. Knowing and understanding IEC 62443 is important, but not the only thing that you need when dealing with OT cyber security.
Find out NIST SP 800-82 Rev 3 download details.
You can now download NIST SP 800-82 Rev 3 from here.
