Since February 2013, industrial stakeholders (final users, vendors, integrators, professional organizations, etc.) and French governmental entities have been working together as part of a working group, lead by ANSSI, which aims at elaborating concrete and practical proposals to improve the cybersecurity of critical infrastructures.
The first results of this working group are the following two documents:
The first one describes a classification method for industrial control systems and the key measures to improve their cybersecurity.
The second one gives a more in-depth description of applicable cybersecurity measures.
These documents, which do not have the force of law, will serve as a basis for elaborating the rules required by French law 2013-1168 of December 18th, 2013. To that end, the upcoming concerted work by critical infrastructure operators, ministries and other relevant stakeholders may rely on the proposed methodology and list of measures in order to identify critical systems and elaborate the applicable security rules.
The original version, in French, is available here.
Powered by WPeMatico