{"id":739,"date":"2022-05-11T11:36:22","date_gmt":"2022-05-11T08:36:22","guid":{"rendered":"https:\/\/zerontek.com\/zt\/?p=739"},"modified":"2022-05-11T11:36:22","modified_gmt":"2022-05-11T08:36:22","slug":"nist-sp-800-82-rev-3","status":"publish","type":"post","link":"https:\/\/zerontek.com\/zt\/2022\/05\/11\/nist-sp-800-82-rev-3\/","title":{"rendered":"NIST SP 800-82 Rev 3"},"content":{"rendered":"\n<p>This is my comment and review on the new NIST SP 800-82 draft (R3) and what I have seen has changed as compared to the revision 2 (R2) document. The first thing I noticed is that they changed their scope from ICS to OT. So they changed their name from &#8220;<s>Guide to Industrial Control Systems (ICS) Security<\/s>&#8221; to &#8220;<strong>Guide to Operational Technology (OT) Security<\/strong>&#8221;. The R3 document (318 pages) is obviously larger than the R2 document (247 pages). The new draft is updated as follows:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"495\" src=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2022\/05\/nistr3-1024x495.jpg\" alt=\"\" class=\"wp-image-743\" srcset=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2022\/05\/nistr3-1024x495.jpg 1024w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2022\/05\/nistr3-300x145.jpg 300w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2022\/05\/nistr3-768x371.jpg 768w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2022\/05\/nistr3.jpg 1373w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Revision 3 updates (1)<\/figcaption><\/figure>\n\n\n\n<p>They also renamed any chapter that has &#8220;<s>ICS<\/s>&#8221; title to &#8220;<strong>OT<\/strong>&#8221; title, for example, they renamed this chapter from &#8220;<s>Applying Security Controls to ICS<\/s>&#8221; to &#8220;<strong>Applying the Cybersecurity Framework to OT<\/strong>&#8221;. 
You can see in this new chapter that they were aligning OT controls with the Cybersecurity Framework.<\/p>\n\n\n\n<p>What also caught my attention was the addition of new OT incidents. The old guide contains 8 events, while the new one contains 18 events. The following events were added:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Marconi Wireless Hack<\/li><li>Night Dragon<\/li><li>Ukrainian Power Grid, BlackEnergy3<\/li><li>New York Dam<\/li><li>Dragonfly Campaign, Havex<\/li><li>Ukrainian Power Grid, Industroyer<\/li><li>Maersk, NotPetya<\/li><li>Saudi Petrochem, TRITON<\/li><li>Norsk Hydro, LockerGoga<\/li><li>Honda, EKANS<\/li><li>Oldsmar Water Treatment Facility<\/li><li>Colonial Pipeline<\/li><li>Ransomware Targeting Healthcare<\/li><\/ul>\n\n\n\n<p>I noticed that they removed 2 incidents that were available before in the old guide: Brute Force Attacks on Internet-Facing Control Systems and Zotob Worm. I&#8217;m not sure for what reason.<\/p>\n\n\n\n<p>Other observations on my side were the addition of sector-specific resources, organizations, research, activities, and the introduction of OT technologies such as IIoT, building automation systems, safety systems and physical access control\u00a0systems. The images throughout the guide were updated with a new design. Happy learning.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">References:<\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-82\/rev-3\/draft\" target=\"_blank\">Guide to Operational Technology (OT) Security<\/a><\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>This is my comment and review on the new NIST SP 800-82 draft (R3) and what I have seen has changed as compared to the revision 2 (R2) document. The first thing I noticed is that they changed their scope from ICS to OT. 
So they changed their name from &#8220;Guide to Industrial Control Systems [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,3,14,144,48],"tags":[13,6,145,12,47],"class_list":["post-739","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-ics-security","category-malware","category-nist","category-ot-security","tag-ics","tag-ics-security","tag-nist-sp-800-82-rev-3","tag-ot","tag-ot-security"],"_links":{"self":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/739","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/comments?post=739"}],"version-history":[{"count":18,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/739\/revisions"}],"predecessor-version":[{"id":758,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/739\/revisions\/758"}],"wp:attachment":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/media?parent=739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/categories?post=739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/tags?post=739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}