The NIST Cybersecurity Framework

2022 ◽  
pp. 39-55
Author(s):  
Gregory B. White ◽  
Natalie Sjelin

With the increase in cybercrimes over the last few years, a growing realization for the need for cybersecurity has begun to be recognized by the nation. Unfortunately, being aware that cybersecurity is something you need to worry about and knowing what steps to take are two different things entirely. In the United States, the National Institute of Standards and Technology (NIST) developed the Cyber Security Framework (CSF) to assist critical infrastructures in determining what they need in order to secure their computer systems and networks. While aimed at organizations, much of the guidance provided by the CSF, especially the basic functions it identifies, is also valuable for communities attempting to put together a community cybersecurity program.


Author(s):  
Gregory B. White ◽  
Mark L. Huson

The protection of cyberspace is essential to ensure that the critical infrastructures a nation relies on are not corrupted or disrupted. Government efforts generally focus on securing cyberspace at the national level. In the United States, states and communities have not seen the same concentrated effort and are now the weak link in the security chain. Until recently there has been no program for states and communities to follow in order to establish a viable security program. Now, however, the Community Cyber Security Maturity Model has been developed to provide a framework for states and communities to follow to prepare for, prevent, detect, respond to, and recover from potential cyber attacks. This model has a broad applicability and can be adapted to be used in other nations as well.


2001 ◽  
Vol 14 (4) ◽  
pp. 789-828
Author(s):  
Keith Wilson

The United States is abrogating the Anti-Ballistic Missile Treaty in order to deploy a limited missile defence shield. Amongst other developments, this is prompting a reconsideration of the global security framework. However, a crucial element is missing from the current missile defence proposals: a clearly articulated concept of peaceful use, applicable both to outer space and to earth-space. The deployment of missile defence runs counter to emerging norms. It has effects going far beyond the abandonment or re-configuration of specific Cold War agreements. In a community of nations committed to the maintenance of international peace and security (cf. national or plurilateral security), sustainable meaning for widely used and accepted norms of peaceful use and peaceful purposes is at risk.


Author(s):  
E. V. Batueva

The development of ICT and the formation of the global information space changed the agenda of national and international security. Such key characteristics of cyberspace as openness, accessibility, anonymity, and identification complexity determined the rise of actors in cyber space and increased the level of cyber threats. Based on the analyses of the U.S. agencies' approach, the author defines three major groups of threats: use of ICT by states, criminals and terrorists. This concept is shared by the majority of the countries involved in the international dialogue on information security issues and is fundamental for providing cyber security policy on both national and international levels. The United States is developing a complex strategy for cyber space that includes maximization of ICT's advantages in all strategically important fields as well as improvement of national information systems and networks security. On the international level the main task for the American diplomacy is to guarantee the U.S. information dominance. The United States is the only country that takes part in practically all international and regional fora dealing with cyber security issues. However, the process of the development of a global cyber security regime is not going to be fast due to countries' different approaches to key definitions and lack of joint understanding of cyber security issues as well as due to the position of the countries, among them the United States, that are not interested in any new obligatory international norms and principles. Such American policy aims at saving the possibility of using cyberspace capacity in reaching political and military goals, thus keeping the global leadership.


Author(s):  
Steven A. Arndt

Over the past 20 years, the nuclear power industry in the United States (U.S.) has been slowly replacing old, obsolete, and difficult-to-maintain analog technology for its nuclear power plant protection, control, and instrumentation systems with digital systems. The advantages of digital technology, including more accurate and stable measurements and the ability to improve diagnostics capability and system reliability, have led to an ever increasing move to complete these upgrades. Because of the difficulties with establishing digital systems safety based on analysis or tests, the safety demonstration for these systems relies heavily on establishing the quality of the design and development of the hardware and software. In the United States, the U.S. Nuclear Regulatory Commission (NRC) has established detailed guidelines for establishing and documenting an appropriate safety demonstration for digital systems in NUREG-0800, “Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition,” Chapter 7, “Instrumentation and Controls,” Revision 5, issued March 2007 [1], and in a number of regulatory guides and interim staff guidance documents. However, despite the fact that the United States has a well-defined review process, a number of significant challenges associated with the design, licensing, and implementation of upgrades to digital systems for U.S. plants have emerged. Among these challenges have been problems with the quality of the systems and the supporting software verification and validation (V&V) processes, challenges with determining the optimum balance between the enhanced capabilities for the new systems and the desire to maintain system simplicity, challenges with cyber security, and challenges with developing the information needed to support the review of new systems for regulatory compliance.


Author(s):  
Rosemary A. Burk ◽  
Jan Kallberg

Cyber security tends to only address the technical aspects of the information systems. The lack of considerations for environmental long-range implications of failed cyber security planning and measures, especially in the protection of critical infrastructure and industrial control systems, has created ecological risks that are to a high degree unaddressed. This study compares dam safety arrangements in the United States and Sweden. Dam safety in the United States is highly regulated in many states, but inconsistent over the nation. In Sweden dam safety is managed by self-regulation. The study investigates the weaknesses and strengths in these regulatory and institutional arrangements from a cyber security perspective. If ecological and environmental concerns were a part of the risk evaluation and risk mitigation processes for cyber security, the hazard could be limited. Successful environmentally-linked cyber defense mitigates the risk for significant damage to domestic freshwater, aquatic and adjacent terrestrial ecosystems, and protects ecosystem function.


1999 ◽  
Vol 10 (2) ◽  
pp. 139-142

We are here to discuss emerging threats to America's security as we reach a new century. How do we respond to the threat of terrorists around the world, turning from bullets and bombs to even more insidious and potent weapons? What if they and the rogue states that sponsor them try to attack the critical computer systems that drive our society? What if they seek to use chemical, biological, even nuclear weapons? The United States must deal with these emerging threats now, so that the instruments of prevention develop at least as rapidly as the instruments of disruption.


Author(s):  
Ian Caine ◽  
Trenton Tunks ◽  
Carlos Serrano ◽  
...  

By the year 2050 the United States population will increase by half, with 70% living in a megaregion (Regional Plan Association, 2006). These numbers emphasize the critical link between large-scale territorial expansion and the prospects for successful urbanism. Currently, 11 mega-regions exist in the U.S., each bound together by a unique mixture of demographics, infrastructure, culture, and environment. As each megaregion grows, it must identify and leverage critical infrastructures that are capable of binding geographies and increasing efficiencies. This project speculates about one such strategy for the emerging megaregion known as the Texas Triangle.


2021 ◽  
Vol 11 (16) ◽  
pp. 7738
Author(s):  
Kyounggon Kim ◽  
Faisal Abdulaziz Alfouzan ◽  
Huykang Kim

Cyber-attacks have become commonplace in the world of the Internet. The nature of cyber-attacks is gradually changing. Early cyber-attacks were usually conducted by curious personal hackers who used simple techniques to hack homepages and steal personal information. Lately, cyber attackers have started using sophisticated cyber-attack techniques that enable them to retrieve national confidential information beyond the theft of personal information or defacing websites. These sophisticated and advanced cyber-attacks can disrupt the critical infrastructures of a nation. Much research regarding cyber-attacks has been conducted; however, there has been a lack of research related to measuring cyber-attacks from the perspective of offensive cybersecurity. This motivated us to propose a methodology for quantifying cyber-attacks such that they are measurable rather than abstract. For this purpose, we identified each element of offensive cybersecurity used in cyber-attacks. We also investigated the extent to which the detailed techniques identified in the offensive cyber-security framework were used, by analyzing cyber-attacks. Based on these investigations, the complexity and intensity of cyber-attacks can be measured and quantified. We evaluated advanced persistent threats (APT) and fileless cyber-attacks that occurred between 2010 and 2020 based on the methodology we developed. Based on our research methodology, we expect that researchers will be able to measure future cyber-attacks.

