With cyberattacks on the increase, IEC has launched a number of initiatives to help combat them.
Have you ever had your e-mail hacked or been informed that the personal information you have given to your credit card company has been breached?
Such breaches have become commonplace as our personal data is increasingly stored virtually. Though financial services are often targeted, more industries are being hit for other reasons.
Governments, industries and individuals under fire
Cyberattacks can also affect government organizations. If the goal is to disrupt an economy or everyday life, then energy companies, utilities and transport services are prime targets.
Protecting IT infrastructure systems
As concerns grow over the multitude of cyberattacks which affect individuals, companies, industries and governments, IEC has begun developing International Standards to combat these. A number of its Technical Committees (TCs) work on specific areas, including:
- IEC TC 65: Industrial-process measurement, control and automation, which has developed the IEC 62443 series of Standards on Industrial Communication Networks – Network and System Security, in order to keep industry safe.
- In the above-mentioned case of energy companies, nuclear in particular, IEC Subcommittee (SC) 45A: Instrumentation, control, and electrical systems of nuclear facilities, published International Standard IEC 62645, which aims to define adequate programmatic measures for the prevention of, detection of and reaction to malicious acts by cyberattacks.
- Important International Standards in the field of IT security techniques are developed by ISO/IEC JTC 1/SC 27, a Subcommittee of the Joint Technical Committee (JTC) set up by the IEC and ISO (International Organization for Standardization) to work on International Standards for information technology.
- ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of an organization.
- In conjunction with this, ISO/IEC 27040 specifically deals with data storage security and how to manage it, from planning and design to implementation and documentation. It also comprises guidance on mitigating risks of data breaches or data corruption and considers new technologies and their connectivity. This Standard is useful for managers and administrators with specific responsibilities for information or storage security, storage operation, or who are in charge of an organization’s overall security and security policy development.
This post is based on an IEC e-tech article by Janice Blondeau and Morand Fachot.