NIST has released an updated version of its flagship cyber resiliency publication, SP 800-160 Volume 2, Revision 1. The guidance helps organizations anticipate, withstand, recover from, and adapt to cyber threats, including increasingly destructive attacks from nation-states, criminal groups, and individuals.
The updated document introduces new content and terminology for specifying organizational cyber resiliency requirements. It provides guidelines for developing an integrated systems engineering approach to designing cyber-resilient systems, technical considerations for implementing cyber-resilient systems and controls, a secure development lifecycle framework, and an ensure action-oriented approach to systems security and cyber resiliency.
The publication also adds a new appendix containing an analysis of the potential effects of cyber resiliency on adversary tactics, techniques, and procedures used to attack operational technologies, including industrial control systems (ICS). The analysis shows how cyber resiliency approaches and controls described in NIST guidance can be used to reduce the risks associated with adversary actions that threaten ICSs and critical infrastructure sectors.
Keywords: NIST, Cyber-Resilient, Systems Security Engineering
