Organizations that operate critical infrastructure – energy, communications, finance and transportation – are facing increasingly sophisticated, organized and persistent cyber threats to their control systems. Electrical grids, oil and gas distribution, municipal water facilities, hospital systems and other critical assets are increasingly interconnected and exposed to internet-borne malware, creating a high risk of disruption or damage.
In response, the White House issued a February 2013 executive order directing the National Institute of Standards and Technology (NIST) to establish a cybersecurity framework (CSF) for such organizations. This framework provides guidelines for assessing the risks posed by these threats and establishes a common language for organizations to evaluate their cybersecurity posture and to identify and prioritize opportunities to improve it.
IBM’s Industrial Controls Cybersecurity Consulting is designed to educate IBM clients on the details and mechanics of the NIST Cybersecurity Framework and perform a comprehensive assessment of a client’s security maturity relative to the guidelines, best practices and international standards referenced in the CSF. IBM consultants assess an organization's industrial controls against a security baseline, provide recommendations for improvement and develop a roadmap for enhancing the organization’s security program over the long term.