The National Institute of Standards and Technology has released a new draft publication that proposes to incorporate security concepts into the systems engineering stage of cyber-physical systems in an effort to protect these assets from threats.
NIST said Wednesday the publication recommends the inclusion of security factors to the original design throughout a system’s lifecycle for developers of smartphones, industrial systems and process control systems.
“The systems security engineering considerations in NIST SP 800-160 give organizations the capability to strengthen their systems against cyberattacks, limit the damage from those attacks if they occur, and make their systems survivable,” said Ron Ross, NIST fellow.
Ross told an Institute for Critical Infrastructure Technology forum in April the framework represents the agency’s holistic approach and strategy to help the government combat cyber attacks.
The security principles outlined in the draft apply to engineering design, system analysis, implementation and non-engineering processes.
NIST intends for the security considerations in the draft to address modern versions of manufacturing systems, environmental monitoring devices and the Internet of Things sensors.
The agency incorporated comments submitted for the first draft published in May 2014 and the agency seeks public feedback for the new draft no later than July 1.