This form of policy analytics enables the user, enterprise, or analyst, to implement CSF directives all situated in different policy documents.
The full value and implementation of CSF for cybersecurity of Smart Grid in electric power systems is difficult to capture given:
(i) The details and complexity of smart grid NIST model,
(ii) The set of intervening tasks to connect system properties to risks and vulnerabilities,
(iii) The distributed ecosystem of policy documents with information on intervening tasks, and
(iv) The burdens on users to manage (i) to (iii).
Therefore,
(v) The full value lies in the creation of an integrated on-demand methods for access to relevant data.
References:
- Choucri, N. (2020, January 15–16). Application of policy-based methods for risk analysis [Conference session]. Winter 2020 Quarterly Science of Security and Privacy Lablet Meeting, Raleigh, North Carolina. https://cps-vo.org/node/65536
- Choucri, N., & Agarwal, G. (2018, October 18). Policy analytics for cybersecurity of cyber-physical systems. Science of Security & Privacy. https://cps-vo.org/VU_AnalyticsforCPS-Cybersecurity
- Forum of Incident Response and Security Teams, Inc. (FIRST) (2022).
- National Institute of Standards, and Technology. (2018). Framework for improving critical infrastructure cybersecurity. U.S. Department of Commerce. https://www.nist.gov/cyberframework
- Choucri, N., & Agarwal, G. (2017). Analytics for smart grid cybersecurity. Proceedings of the 2017 IEEE International Symposium on Technologies for Homeland Security (HST), 1–3. http://hdl.handle.net/1721.1/141738