To meet cyber security concerns, software and hardware vendors, system integrators, and other stakeholders need to work with end users to achieve a secure supervisory control and data acquisition (SCADA) solution. The U.S. National Institute of Standards and Technology (NIST) offers the Cybersecurity Framework ("the Framework") for systematically identifying the critical assets of the organization, identifying threats, and securing these critical assets. The Framework opens the door to partnerships that are more effective with cyber security prioritized so that the needs of the end user are fully met.
Cyber financial attacks such as the 83 million household and small-business records stolen from JPMorgan Chase Bank (Reuters, 2014) contribute to the 78% increase in financial impact of cybercrime in the past four years. In this same period, 40% of cyberattacks have been directed against energy companies (Siegel, Josh; Motorola Solutions, 2014). The U.S. government is focusing on the threat to the nation's critical infrastructure such as our electric grid, oil and gas pipelines, water and wastewater treatment facilities, and transportation infrastructure like tunnels and bridges.
Executive Order (EO) 13636 addressed protecting the U.S. critical infrastructure against cyber intrusions while directing the agencies responsible for the elements of the infrastructure to share information. The NIST Framework can be used to systematically identify the critical assets of the organization, identify the threats, and secure the critical assets. It is based on risk assessment techniques including periodic reassessment with the goal of identifying and neutralizing a threat before it occurs, but also on recovery plans in the case of a successful attack.