The Bridge - Issue 2, 2023 - 12

Feature
A Barrier-based Approach to Cyber Security in Critical Infrastructures
[5] Directive (EU) 2022/2555 of the European Parliament and of the
Council of 14 December 2022 on measures for a high common
level of cybersecurity across the Union, amending Regulation (EU)
No 910/2014 and Directive (EU) 2018/1972, and repealing
Directive (EU) 2016/1148 (NIS 2 Directive) (Text with EEA
relevance), vol. 333. 2022. Accessed: Feb. 02, 2023. [Online].
Available: http://data.europa.eu/eli/dir/2022/2555/oj/eng
[6] JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT,
THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL
COMMITTEE AND THE COMMITTEE OF THE REGIONS
Cybersecurity Strategy of the European Union: An Open, Safe
and Secure Cyberspace. 2013. Accessed: Feb. 02, 2023.
[Online]. Available: https://eur-lex.europa.eu/legal-content/EN/
TXT/?uri=CELEX:52013JC0001
[7] JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT AND
THE COUNCIL Resilience, Deterrence and Defence: Building
strong cybersecurity for the EU. 2017. Accessed: Feb. 02, 2023.
[Online]. Available: https://eur-lex.europa.eu/legal-content/EN/
TXT/?qid=1505294563214&uri=JOIN:2017:450:FIN
[8] REGULATIONS RELATING TO MANAGEMENT AND THE DUTY TO
PROVIDE INFORMATION IN THE PETROLEUM ACTIVITIES AND
AT CERTAIN ONSHORE FACILITIES. 2021. Accessed: Feb. 02,
2023. [Online]. Available: https://www.ptil.no/en/regulations/allacts/?forskrift=611
[9]
O. Lysne, 'NOU 2015: 13 - Digital sårbarhet - sikkert samfunn -
Beskytte enkeltmennesker og samfunn i en digitalisert verden'.
Regjeringen, Nov. 30, 2015. Accessed: Dec. 01, 2022. [Online].
Available: https://www.regjeringen.no/no/dokumenter/nou-201513/id2464370/
[10]
'Norwegian Oil and Gas recommended guidelines on information
security baseline requirements for process control, safety and
support ICT systems', Norwegian Oil and Gas Association,
Guideline NOROG 104, 2016. Accessed: Aug. 01, 2022.
[Online]. Available: https://www.norskoljeoggass.no/arbeidsliv/
retningslinjer/integrerte-operasjoner/104-anbefalte-retningslinjerkrav-til-informasjonssikkerhetsniva-i-ikt-baserte-prosesskontroll-sikkerhets--og-stottesystemer-ny-revisjon-pr-05.12.2016/
[11]
'IEC 62443: Industrial communication networks - Network and
system security'. IEC. [Online]. Available: https://www.iec.ch/blog/
understanding-iec-62443
[12] T. Onshus et al., 'Security and Independence of Process Safety
and Control Systems in the Petroleum Industry', J. Cybersecurity
Priv., vol. 2, no. 1, pp. 20-41, 2022.
[13] H. W. Thomas, 'Cybersecurity Related to the Functional Safety
Lifecycle', ISA, ISA-TR84.00.09-2017, 2017. Accessed: Dec. 01,
2022. [Online]. Available: https://www.isa.org/products/isa-tr8400-09-2017-cybersecurity-related-to-the-f
[14]
'Industrial ICT systems'. https://www.ptil.no/en/technicalcompetence/explore-technical-subjects/news/2021/ict-security--robustness-in-the-industry/
(accessed Feb. 15, 2023).
[15] K. Øien and S. Hauge, 'Guidance for Barrier Management in the
Petroleum Industry', SINTEF Report SINTEF A27623, Sep. 2016.
[Online]. Available: https://www.sintef.no/globalassets/project/
pds/reports/pds-report-guidance-for-barrier-management-in-thepetroleum-industry.pdf
[16]
'Framework for Improving Critical Infrastructure Cybersecurity',
Feb. 2018. Accessed: Feb. 02, 2023. [Online]. Available:
https://www.nist.gov/cyberframework/framework
[17] ISO, 'ISO/IEC 27001:2013', Standard. Accessed: Mar. 22, 2022.
[Online]. Available: https://www.iso.org/cms/render/live/en/
sites/isoorg/contents/data/standard/05/45/54534.html
[18] 'Security and Privacy Controls for Information Systems and
Organizations', National Institute of Standards and Technology,
NIST Special Publication (SP) 800-53 Rev. 5, Dec. 2020. doi:
10.6028/NIST.SP.800-53r5.
[19] 'CIS Controls', CIS. https://www.cisecurity.org/controls/ (accessed
Feb. 02, 2023).
[20] 'COBIT 5 Framework Publications', ISACA. https://www.isaca.org/
resources/cobit/cobit-5 (accessed Feb. 02, 2023).
[21] H. Kanamaru, 'Bridging functional safety and cyber security of
SIS/SCS', in 2017 56th Annual Conference of the Society of
Instrument and Control Engineers of Japan (SICE), 2017, pp.
279-284.
[22] 'Industrial-process measurement, control and automation
- Framework for functional safety and security', IEC TR
63069:2019, 2019. Accessed: Feb. 02, 2023. [Online].
Available: https://webstore.iec.ch/publication/31421
[23] 'Functional safety - Safety instrumented systems for the process
industry sector', IEC, IEC 61511:2023 SER, 2023. Accessed:
Feb. 02, 2023. [Online]. Available: https://webstore.iec.ch/
publication/5527
[24] 'IEC 61508-1:2010'. Accessed: Jul. 11, 2022. [Online]. Available:
https://www.standard.no/no/Nettbutikk/produktkatalogen/
Produktpresentasjon/?ProductID=429346
[25] 'DNV-RP-G108 Guideline for the use of IEC 62443 in the oil and
gas industry', DNV. https://www.dnv.com/Default (accessed Feb.
02, 2023).
[26] 'Cyber Security for Industrial Automation and Control Systems
(IACS)', HSE OG-0086, 2018. Accessed: Feb. 02, 2023. [Online].
Available: https://www.hse.gov.uk/foi/internalops/og/og-0086.
pdf
[27] 'Considerations for cybersecurity during the safety lifecycle', The
61508 Association, T6A032, Nov. 2020. [Online]. Available:
https://www.61508.org/images/downloads/T6A032_Technical_
Guide_-_Considerations_for_Cybersecurity_during_the_Safety_
Lifecycle_V1_e112020.pdf
[28] 'Security Risk Assessment of SIS', NAMUR, Worksheet NA 163,
Dec. 2017. Accessed: Feb. 02, 2023. [Online]. Available: https://
www.namur.net/en/recommendations-and-worksheets/currentnena.html
[29]
'ISO/IEC 27005:2018'. ISO/IEC. Accessed: Nov. 04, 2022.
[Online]. Available: https://www.iso.org/cms/render/live/en/
sites/isoorg/contents/data/standard/07/52/75281.html
[30] IEC, 'IEC62443-3-2 :2020 Security for industrial automation and
control systems - Part 3-2: Security Risk assessment for system
design', International Electrotechnical Commission, 2020.
THE BRIDGE

https://www.nist.gov/cyberframework/framework https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/05/45/54534.html https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/05/45/54534.html http://data.europa.eu/eli/dir/2022/2555/oj/eng https://www.cisecurity.org/controls/ https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52013JC0001 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52013JC0001 https://www.isaca.org/resources/cobit/cobit-5 https://www.isaca.org/resources/cobit/cobit-5 https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1505294563214&uri=JOIN:2017:450:FIN https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1505294563214&uri=JOIN:2017:450:FIN https://www.ptil.no/en/regulations/all-acts/?forskrift=611 https://webstore.iec.ch/publication/31421 https://www.ptil.no/en/regulations/all-acts/?forskrift=611 https://webstore.iec.ch/publication/5527 https://webstore.iec.ch/publication/5527 https://www.regjeringen.no/no/dokumenter/nou-2015-13/id2464370/ https://www.regjeringen.no/no/dokumenter/nou-2015-13/id2464370/ https://www.standard.no/no/Nettbutikk/produktkatalogen/Produktpresentasjon/?ProductID=429346 https://www.standard.no/no/Nettbutikk/produktkatalogen/Produktpresentasjon/?ProductID=429346 https://www.dnv.com/Default https://www.norskoljeoggass.no/arbeidsliv/retningslinjer/integrerte-operasjoner/104-anbefalte-retningslinjer-krav-til-informasjonssikkerhetsniva-i-ikt-baserte-prosesskontroll--sikkerhets--og-stottesystemer-ny-revisjon-pr-05.12.2016/ https://www.norskoljeoggass.no/arbeidsliv/retningslinjer/integrerte-operasjoner/104-anbefalte-retningslinjer-krav-til-informasjonssikkerhetsniva-i-ikt-baserte-prosesskontroll--sikkerhets--og-stottesystemer-ny-revisjon-pr-05.12.2016/ https://www.norskoljeoggass.no/arbeidsliv/retningslinjer/integrerte-operasjoner/104-anbefalte-retningslinjer-krav-til-informasjonssikkerhetsniva-i-ikt-baserte-prosesskontroll--sikkerhets--og-stottesystemer-ny-revisjon-pr-05.12.2016/ https://www.norskoljeoggass.no/arbeidsliv/retningslinjer/integrerte-operasjoner/104-anbefalte-retningslinjer-krav-til-informasjonssikkerhetsniva-i-ikt-baserte-prosesskontroll--sikkerhets--og-stottesystemer-ny-revisjon-pr-05.12.2016/ https://www.hse.gov.uk/foi/internalops/og/og-0086.pdf https://www.hse.gov.uk/foi/internalops/og/og-0086.pdf https://www.iec.ch/blog/understanding-iec-62443 https://www.iec.ch/blog/understanding-iec-62443 https://www.61508.org/images/downloads/T6A032_Technical_Guide_-_Considerations_for_Cybersecurity_during_the_Safety_Lifecycle_V1_e112020.pdf https://www.61508.org/images/downloads/T6A032_Technical_Guide_-_Considerations_for_Cybersecurity_during_the_Safety_Lifecycle_V1_e112020.pdf https://www.61508.org/images/downloads/T6A032_Technical_Guide_-_Considerations_for_Cybersecurity_during_the_Safety_Lifecycle_V1_e112020.pdf https://www.namur.net/en/recommendations-and-worksheets/current-nena.html https://www.namur.net/en/recommendations-and-worksheets/current-nena.html https://www.isa.org/products/isa-tr84-00-09-2017-cybersecurity-related-to-the-f https://www.namur.net/en/recommendations-and-worksheets/current-nena.html https://www.isa.org/products/isa-tr84-00-09-2017-cybersecurity-related-to-the-f https://www.ptil.no/en/technical-competence/explore-technical-subjects/news/2021/ict-security---robustness-in-the-industry/ https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/07/52/75281.html https://www.ptil.no/en/technical-competence/explore-technical-subjects/news/2021/ict-security---robustness-in-the-industry/ https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/07/52/75281.html https://www.ptil.no/en/technical-competence/explore-technical-subjects/news/2021/ict-security---robustness-in-the-industry/ https://www.sintef.no/globalassets/project/pds/reports/pds-report-guidance-for-barrier-management-in-the-petroleum-industry.pdf https://www.sintef.no/globalassets/project/pds/reports/pds-report-guidance-for-barrier-management-in-the-petroleum-industry.pdf https://www.sintef.no/globalassets/project/pds/reports/pds-report-guidance-for-barrier-management-in-the-petroleum-industry.pdf

The Bridge - Issue 2, 2023

Table of Contents for the Digital Edition of The Bridge - Issue 2, 2023