Bryan Owen

Exploring Partnership for Effective Incident Response

Blog Post created by Bryan Owen on Aug 29, 2016

The summer of 2016 set new highs for cyber security regulation. In North America, a strengthened version of critical infrastructure protection (CIP) standards for the bulk electric system became enforceable. The Federal Energy Regulatory Commission also issued Order 829 to address supply chain risk management for industrial control systems. In Europe, the strict Network and Information Security (NIS) directive passed parliament and starts the clock for compliance deadlines affecting member states and their critical infrastructure operators.


The penalty structure for NERC CIP can be as high as $1m per day per violation. NIS Directive allows for fines of up to €10m.  As a result we observe companies investing in serious cyber security programs. We are especially interested in finding ways to make your security team more effective.


Effective incident response is a common theme across these regulatory standards. Perhaps law is following industry hype ‘Be prepared, not scared’ and the FBI’s ‘there are two types of companies: those that have been hacked and those that don't know it yet’. Or perhaps the standards attempt to codify simple wisdom like Ben Franklin’s ‘An ounce of prevention is worth a pound of cure.’


In terms of OSIsoft:

  • What incident response triggers are relevant to the PI System? 
  • Are there opportunities for collaboration on incident response activities?


These high level questions and others are in scope of a cyber security project with Chevron. Initial findings suggest incident response for industrial control systems is far from trivial - especially amongst large organizations.

Ryan Cheff, Oronite Manufacturing Technical Architect, shares insights on the project in this joint presentation at the OSIsoft User Conference 2016. You can find the presentation here.


Aspects of the NIS Directive will be discussed in more detail next month during the EMEA Users Conference 2016 in Berlin.  The session on NIS is part of the Industrial IT track on day 2. Please reach out should your company be interested in exploring partnership on NIS requirements.


The summer of cyber bow-ties shows the PI System as part of a kill chain that helps you defend industrial control systems. Working in partnership we can better address your needs for effective incident response.