Sunday, May 31, 2015

Useful CIKR Resources

This Blog is focused on offering the reader information on two very useful resources focused on Critical Infrastructure and Key Resources (CIKR).  And, because of the George Mason Monthly CIP Report, I was informed about another European-centric CIKR resource the student and professional may be interested in.


Each month the George Mason University School of Law, Center for Infrastructure Protection and Homeland Security, publishes a newsletter focused on a different sector of CIKR.  This past month was on International Issues.  (BTW: The Center is moving to the School of Business in the next few months.)

You can subscribe to The CIP Report at no charge by going to this LINK.

You can visit the George Mason team at:   (The page view is below:)

Each month I look forward to this newsletter which is really more like a Journal focused on Critical Infrastructure Protection issues facing the US as well as globally.  As a CIKR professional you should benefit from the contemporary commentary in these monthly analyses.

(PS: The format is changing from a PDF to more of a web-based approach; however, the publication will still be sent out monthly.)


This month the immediate benefit from The CIP Report is an article prepared by three very notable European experts in the field of critical infrastructure and resilience.  The article is prepared around the CIPedia web site, which is a "...Wiki-based body of common knowledge for the wide international community of critical infrastructure (CI) protection and resilience stakeholders such as policy makers, researchers, governmental agencies, emergency management organizations, CI operators and even the public."

CIPedia Home Page

According to the article in The CIP Report the CIPedia is developed within the European Critical Infrastructure Preparedness and Resilience Research Network (CIPRNet) project. 

Essentially, CIPedia is an international glossary on CIKR information.  CIPedia went public in mid-2014.

Of note, CIPedia is more than just a glossary -- as a CIKR portal it provides access to a list of CIP-related conferences, a table with web pointers to CIKR sector-specific glossaries and a pointer to the CIP bibliography.

Below is a screen shot of the CIPedia user links (left hand column).  You can see the links offer some more depth into other CIP-related areas:


If you are involved with Critical Infrastructure as a student or policy professional, you will probably find the George Mason monthly report very useful and timely.  Secondly, access to the CIPedia and to the CIPRNet will increase your access to new documents and papers on CIKR from a European perspective.  For myself, just wandering around the sites for a few minutes surprised me at some of the work being done in Europe on cascading events studies, as an example.

Take the time to subscribe to The CIP Report and be sure to save the links to the CIPedia and CIPRNet.


Tuesday, May 26, 2015

New ICS Primer from ISACA

Industrial Control Systems (ICS) security continues to gain momentum and awareness in the cyber community.  ISACA has recently published its own version of ICS security awareness (cover of the document is below).

ISACA has published Industrial Control Systems: A Primer for the Rest of Us which can be obtained for no charge (registration is required) at 

If you are not familiar with ISACA, it has been around since 1969 and has about 115,000 constituents in 180 countries.  You may recognize ISACA as supporting COBIT and also the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications.

As you glance through the 19-page document you will recognize that most of the graphics used either come from NIST 800-82, Guide to Industrial Control Systems (ICS) Security by Keith Stouffer, et al., or are adapted from the ICS-CERT Advisories located at:

One graphic that I especially liked was on page 13, Figure 7, showing a mind-map of Cybersecurity Threat Agents developed by our friends at the European Union Network and Information Security Agency (ENISA).  A copy of the graphic is below and can also be located at

So, the good news is we have another primer to pass along to our bosses and IT managers/technicians  to help them better understand what ICS security involves.  There are a few good ideas in the document such as a list of ICS Components (Pages 4-5) and other references back to the NIST 800-82 document for more details.