Adapting NIST SP 800-82r3 to tackle complexity of cyber threats across OT environments
October 15, 2023 – Published on Industrial Cyber
Amidst a backdrop of intensifying threats and perilously close near-miss attacks directly targeting operational technology (OT), the National Institute of Standards and Technology (NIST) recently unveiled the third iteration of the NIST SP 800-82 document. The new release underscores an expanded focus on OT, distinct from its prior emphasis on industrial control systems (ICS). Significantly, the NIST SP 800-82r3 publication incorporates critical updates covering the gamut of OT threats and vulnerabilities, while also advancing the field of OT risk management, recommended practices, and architectural considerations.
In a two-part feature article series, Industrial Cyber contacted cybersecurity experts in the industrial sector for an insightful comparison of the primary disparities between the earlier version of NIST SP 800-82 and the latest iteration, NIST SP 800-82r3, focusing on their respective scopes and objectives. They also delve into the long-term ambitions and anticipations for NIST SP 800-82 concerning its role in bolstering the security of OT and predict its likely trajectory in the years ahead.
The NIST Special Publication 800-82 Revision 3 introduces seven essential enhancements to strengthen the OT systems framework, Chris Warner, senior security consultant for OT governance and risk at GuidePoint Security, told Industrial Cyber. “One critical addition is the Risk Management Framework for OT Systems, offering a comprehensive approach to identify, evaluate, and mitigate risks associated with OT systems.”
“Additionally, the publication outlines Security Controls Based on Best Practices, encompassing access control, incident response, and network security. It emphasizes Security Assessments, advocating for structured methodologies to pinpoint vulnerabilities and enhance security posture,” Warner noted.