Stuxnet Expert Dismisses NIST Cyber Security Framework, Proposes Alternative
An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."
Not to forget that there was an air gap at Natanz - so we're talking about more than just shutting off nodes' access to the net.
Stuxnet, as an example, bridged the air gap multiple times via infected USB keys...