Breaking Down the Cybersecurity Regulatory Framework in the U.S.
Understanding key cybersecurity (federal) laws and the National Security Memorandum (NSM).
The U.S., and indeed much of the world, is currently at an inflection point in terms of infrastructure. Large-scale modernization efforts and the digitalization of new energy sources, modes of transportation, healthcare, and semiconductor production, among other sectors, are expected to create an increasingly interconnected and interdependent economy. While this interdependence is likely to drive strong growth and efficiencies, it will also make the digital ecosystem more vulnerable to cyber-attacks. Therefore, the U.S. government has devised and implemented robust cybersecurity frameworks and industry standards designed to reduce cyber risks in the coming years.
Industry Standards and Regulatory Frameworks
- NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security: provides recommendations for securing ICS, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLCs). This guidance addresses the unique performance, reliability, and safety requirements of industrial control systems.
- ISA/IEC 62443: These standards provide a comprehensive framework to help identify and mitigate security vulnerabilities in industrial automation and control systems (IACSs).
- NIST IR 8183: Cybersecurity Framework (CSF) Manufacturing Profile offers specific guidance on implementing the CSF to help reduce cyber risks within the manufacturing industry.
- American Water Works Association (AWWA): Water Sector Cybersecurity Risk Management Guidance provides guidelines to help protect the water sector's Process Control Systems (PCS) from cyber-attacks.
- Nuclear Energy Institute (NEI) 08-09: This guidance helps nuclear power plant operators create and implement a Cyber Security Plan, as required by Title 10, Part 73, Section 73.54, "Protection of Digital Computer and Communication Systems and Networks," of the Code of Federal Regulations (10 CFR 73.54), as part of the licensing process.
- Cybersecurity and Infrastructure Security Agency (CISA): Recommended cybersecurity practices for industrial control systems that identify the key focus areas for OT owners to consider when developing and implementing a robust cybersecurity strategy, also known as a defense-in-depth strategy.
- North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP): These standards outline mandatory security requirements for operators of the Bulk Electric System (BES) in North America. The NERC CIP framework includes 12 standards that are subject to enforcement, covering a range of cybersecurity requirements for the power grid - from security management controls to personnel and training, as well as supply chain risk management.
- CISA Chemical Facility Anti-Terrorism Standards (CFATS): This program identifies and regulates high-risk chemical facilities to ensure that appropriate security measures are in place. The goal is to reduce the risk of certain dangerous chemicals being weaponized by terrorists.
What is the National Security Memorandum?
The National Security Memorandum (NSM), which came into effect in April 2024, is the government's most up-to-date framework on cybersecurity. It replaces the Presidential Policy Directive (PPD) that was launched in February 2013. The key directives of the NSM are:
- Protecting the country’s critical infrastructure is a collective responsibility shared by the Federal, State, local, Tribal, and territorial entities, along with the owners and operators of critical infrastructure facilities
- Enforcing minimum resilience and security requirements for critical infrastructure facilities and related systems shall be the federal government's primary responsibility
- All stakeholders are required to share classified and unclassified information with each other
- The Department of Homeland Security (DHS) will lead the government's efforts to protect U.S. critical infrastructure, with the Cybersecurity & Infrastructure Security Agency (CISA) acting as the National Coordinator for Security and Resilience. The Secretary of the DHS has to develop and present a biennial National Risk Management Plan summarizing the government's efforts to manage risk related to the country's critical infrastructure
- Each of the 16 critical infrastructure sectors has been linked to a unique federal department or agency, also called the Sector Risk Management Agency (SRMA). SRMAs are responsible for maintaining daily relationships and sector-specific expertise to lead risk management and coordination within their designated sectors