Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The RIPE Experience

1,481 views

Published on

Ralph Langner of The Langner Group at S4x15 OTDay.

Ralph explains how the RIPE framework and associated tools and templates can be used to implement and measure an ICS security program. This session was followed by a nuclear plant owner/operator who was implementing RIPE.

Published in: Technology
  • Login to see the comments

  • Be the first to like this

The RIPE Experience

  1. 1. The RIPE Experience RalphLangner TheLangnerGroup WashingtonDC|Hamburg|Munich
  2. 2. Axiom: ICSsecurityeffortsthatarenot integratedinacomprehensive proactiveprogramandstrategy, involvingempiricalverificationand metrics,areawasteoftimeand resources
  3. 3. RIPEFundamentals Generic&standardized Templates&checklists Metrics Continuousimprovement
  4. 4. WTFisRIPE? RIPE= R obust I ndustrialControlSystems P lanningand E valuation Aprocess-drivenapproachbasedon governance,verificationandmeasurement, andengineeringprinciples
  5. 5. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor ???Chasm PositionofRIPEtoexistingframeworks
  6. 6. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Rain Dance Traditionalapproach:Bringinginthewitchdoctor ???
  7. 7. Practical Implementation RG 5.71, NEI 08- 09 10 CFR 73.54 ISA, ISO, IEC NIST CSF NERC CIP Req’s Guidance The conceptual “what” of ICS security The practical “how” of ICS security Real-world Stakeholders Actual architecture & behavior on the plant floor Methods & Templates RIPEapproach:Bringinginqualitymanagement Gover- nance & Metrics
  8. 8. PROPRIETARY Process-drivenApproach
  9. 9. Collective Intelligence Continuousimprovement Plant Floor Systems + Procedures Verify & Measure Analyze & Report Improved Instruments Deploy & Enforce Asset Owner or 3rd Party Langner 1Year Cycle
  10. 10. Cyber Security and Robustness Plant Planning & System Procurement System Inventory Network and Data Flow Diagrams Policies and SOPs Training Workforce Management FactorsaffectingICSsecurity
  11. 11. TheRIPEinstrumentstructure

×