The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF), updating it for the first time since 2014. The new version broadens its scope to help all organizations, not just critical infrastructure, manage cybersecurity risks. 

The aim of the Framework is to Understand, Assess, Prioritize and Communicate cybersecurity risks.

The NIST Cybersecurity Framework Version 2.0 brings some important changes for security managers. The new "Govern" feature emphasizes the importance of cybersecurity in governance and risk management. This is also a topic that is becoming more relevant with the NIS2 implementation. Expanded guidelines and specific implementation examples make it easier for practitioners to apply in the OT sector. Additional resources support supply chain security and global applicability ensures that international standards are considered. These updates significantly improve the protection and management of OT infrastructures.

The detection function has been restructured and expanded. The requirements have now become much more comprehensive. This underlines the increasing importance of anomaly detection for the security of companies.

The New Features at a Glance

Extended Scope

Applicable to all organizations, not just critical infrastructure.

New “Govern” Function

Adds governance as the sixth function alongside Identify, Protect, Detect, Respond, and Recover.

Expanded Core Guidance

Provides more comprehensive implementation guidelines.

New Resources

Includes quick-start guides and implementation examples tailored for different audiences.

Global Applicability

Adjustments made for international use, aligning with global cybersecurity needs.

CSF 2.0 Reference Tool

Simplifies implementation with a searchable and exportable catalog of core guidance in human-consumable and machine-readable formats.

Informative References

Offers a searchable catalog showing how actions map onto the CSF, cross-referencing with over 50 other cybersecurity documents, including NIST's own resources.

Focus on Governance

Emphasizes cybersecurity as a major enterprise risk, integrating it into senior leadership considerations alongside finance and reputation.

Support for Supply Chains

Additional resources and guidance to help secure supply chains.

Tailored Pathways

Provides specific pathways and resources for various types of organizations, including small businesses, enterprise risk managers, and those focusing on supply chain security.

How Is the NIST Cybersecurity Framework (CSF) 2.0 Structured?

The framework is split into three sectors: The CSF Core, the CSF Organizational Profiles and the CSF Tiers. The aim of this framework is to understand, assess, prioritize and communicate cybersecurity risks in a controlled and standardized way.

CSF Core Structure

CSF Core Structure

NIST (2024)

CSF Functions

NIST (2024)

What Is the CSF Core?

The CSF Core is separated into different functions, which outcomes are then grouped into categories and subcategories.The Core consists of the following functions, which are aimed to support the minimization of cybersecurity risks - GOVERN, IDENTIFY, PROTECT, DETECT, RESPOND, and RECOVER:

GOVERN

This function manages cybersecurity strategy, policy, and risk for the organization, aligning with its mission. It integrates cybersecurity into overall risk management, handling roles, responsibilities, and policy oversight.

IDENTIFY

The organization understands its cybersecurity risks by knowing its assets and suppliers. This helps prioritize efforts and find ways to improve policies and practices.

PROTECT

This function uses safeguards to secure the organization's assets and reduce the risk of cybersecurity events. It includes identity management, training, data security, platform security, and technology resilience.

DETECT

This identifies and analyses potential cybersecurity attacks and compromises by promptly discovering anomalies and indicators of compromise. It supports effective incident response and recovery activities.

RESPOND

This solution takes action upon detecting a cybersecurity incident, focusing on containing its effects. This function includes incident management, analysis, mitigation, reporting, and communication.

RECOVER

facilitates the timely restoration of affected assets and operations after a cybersecurity incident, minimizing its impact and supporting effective communication during recovery.

According to the framework, all actions that support functions GOVERN, IDENTIFY, PROTECT and DETECT should all happen continuously.

However, actions that support RESPOND and RECOVER should be ready at all times and we operational when cybersecurity incidents occur.

What Are the CSF Profiles?

The CSF Organizational Profile defines an organization's current or desired cybersecurity status based on the Core's outcome. It guides actions by considering the organization's mission, stakeholder expectations, threats, and requirements. Every Organizational Profile includes one or both of the following:

Current Profile

A Current Profile specifies the Core outcome that an organization is currently achieving (or attempting to achieve) and characterizes how or to what extent each outcome is being achieved.

Target Profile

A Target Profile specifies the desired outcome that an organization has selected and prioritized for achieving its cybersecurity risk management objectives. the profile considers anticipated changes to the organization’s cybersecurity posture, such as new requirements, new technology adoption, and threat intelligence trends.

What Are the CSF Tiers?

The CSF Tiers provide a guidance for organizations to enhance cybersecurity risk management. Think of it as a scale from basic to advanced practices, guiding how organizations handle risks and complement existing methods. Moving to higher Tiers is recommended for more significant risks or requirements, considering cost-effectiveness. The CSF Tiers are categorized as:

Tier 1 | Partial

At the lowest level, organizations address information security reactively with minimal defenses and lack proactive risk mitigation strategies. They often overlook risks to supply chains and external stakeholders.

Tier 2 | Risk 
Informed

Tier-two organizations are aware of major risks like malware and state-sponsored attacks and have some protection measures in place. However, they lack a unified strategy with consistent policies across departments and struggle to address risks in their supply chains effectively.

Tier 3 | Repeatable

Tier-three organizations maintain robust, repeatable information security practices with consistent policies and full visibility into their data environment. They continuously update practices to counter new risks, respond quickly to incidents, and effectively manage risk across supply chains. According to NIST, organizations shouldn't be lower than this tier.

Tier 4 | Adaptive

The highest tier of information security maturity involves adaptive strategies, utilizing advanced technologies like machine learning for detection and response, SIEM systems, and adaptive policies. This level of security readiness is crucial in highly regulated sectors such as finance, healthcare, and critical infrastructure to counter sophisticated threats effectively

Contact Us!

We’re looking forward to helping you.

  • Have a question?
  • Need more information?
  • Would you like to request a demo?
Send us a message

Resources

CVE-2024-37998
26. July 2024

Critical Vulnerability in Siemens OT Systems

What does this mean for OT security?

Read this story
Advisories and How to Use Them
12. July 2024

Advisories and How to Use Them

In this article, we will explore the diverse world of security advisories and how to use them effectively, and the wealth of experience of our experts in developing our OMICRON advisories.

Read this story
Marcel Ströhle, Podcast Episode, OMICRON
03. July 2024

Minimizing cybersecurity vulnerabilities at the hardware level

This episode investigates why, in addition to software, hardware devices must be secured against cyber threats. OMICRON hardware developer Marcel Ströhle is the guest.

Read this story
Firewalls under Attack, Holger Skaus
21. June 2024

Firewalls Under Attack - How to Protect Your IT/OT Systems

Firewalls are the first line of defense in protecting critical infrastructures in cyberspace. This makes them particularly attractive to attackers.

Read this story
StationGuard 2.40, OMICRON
22. May 2024

StationGuard 2.40 – New Usability Upgrades

The new version brings along many usability upgrades, incl. MMS server availability, improved router behavior, and more …

Read this story
EnergyTalks, Podcast Episode, Part 7
21. May 2024

Cracking the Code: How to Uncover Cyber Attacks on Your System

In this episode, we will learn how an OMICRON team of cybersecurity experts goes about analyzing incoming alarms and how even the smallest indicators can reveal hidden dangers that threaten the safety and operations of an entire system.

Read this story
Vulnerability Management, Andreas Klien
14. May 2024

Vulnerability Management in Practice

Creation of the StationGuard and GridOps vulnerability database

Read this story
NIST - 2024
24. April 2024

NIST Cybersecurity Framework 2.0 at a Glance

On February 26, 2024 the National Institute of Standards and Technology (NIST) published the second version of the Cybersecurity Framework (CSF 2.0).

Read this story
Cybersecurity Regulations
09. April 2024

State of the Art in Vulnerability Management

In the world of network and energy utility operators, cybersecurity is not just a priority but a legal obligation. With the German IT Security Act and the Energy Industry Act, these operators are required to adhere to the "state of the art" to manage cyber risks effectively.

Read this story
OMI­CRON Con­tributes to Nmap Plug-In
26. March 2024

OMI­CRON Con­tributes to Nmap Plug-In

We collaborated with the BSI and the Fraunhofer Institute to develop an nmap plug-in for OT networks, enhancing tools for power grid administrators with our IEC 61850 expertise.

Read this story
EnergyTalks, Podcast Episode, Ron Brash, Andreas Klien
13. February 2024

Chances & Risks of Operational Technology in the Energy and Aviation Sectors

In this episode, Andreas Klien, discusses the differences and similarities of using OT technology in the aviation and electrical power industry sectors with his guest, Ron Brash, a renowned vulnerability researcher in the aviation industry.

Read this story
Sarah Fluchs, Andreas Klien, Podcast Episode
11. January 2024

Building trust in digital products used in the power grid

In this episode, Andreas Klien, discusses the security engineering of digital products used in the power grid with his guest, Sarah Fluchs.

Read this story
OMICRON EnergyTalks - Podcast episode
10. January 2024

Experiences & Innovations in Developing Cybersecurity Products

In this episode, Anastasiya and Jaques share their experiences, challenges, and innovations in developing our cybersecurity products.

Read this story
StationGuard Receives Security Certificate from the BSI
17. December 2023

StationGuard Receives Security Certificate from the BSI

The German Federal Office for Information Security (BSI) has tested our StationGuard and awarded us the IT security certificate (BSZ) as a result.

Read this story
CVE-2023-45871 - Finding and Patching a Critical Vulnerability in Linux, Eric Heindl
04. December 2023

At­ten­tion CVE-2023-45871 - Our Story of Finding and Patching a Critical Vulnerability in Linux

You think your devices are immune to cyber threats just because there's no official security advisory? You might be wrong.

Read this story
EnergyTalks, Podcast Episode
06. November 2023

Solving Cybersecurity Problems in Electrical Power Networks

OMICRON cybersecurity analysts Christoph Rheinberger and Eric Heindl share their personal experiences for IT and OT security officers.

Read this story
OMICRON Podcast Episode with Thomas Wolf and Ozan Dayanc
04. October 2023

Why do OT networks need an IDS?

Discover the challenges faced by power providers and practical recommendations for enhancing OT network security.

Read this story
StationGuard Release 2.40
02. October 2023

StationGuard 2.30 – Improved Efficiency for Intrusion Detection

With StationGuard 2.30, you will be able to make your workflows even more efficient.

Read this story
Podcast Episode 2, OMICRON
07. September 2023

Digital Transformation in the Power Industry

In this podcast episode, learn how to successfully implement cybersecurity into critical power system infrastructures with OMICRON cybersecurity experts.

Read this story
Podcast, Andreas Klien, OMICRON
07. September 2023

Vulnerability Management in Substations

Learn how vulnerability management tools ensure a more effective cybersecurity in power grids.

Read this story
Podcast Episode 1, OMICRON
01. September 2023

Bridging the gap between IT and OT

OMICRON cybersecurity expert Benjamin Teudeloff talks about the increasing necessity for power providers to improve their cybersecurity practices.

Read this story
OMICRON Magazine: Security Assessment Findings
29. August 2023

Security Assessment Findings in Substations and Power Plants

Our cybersecurity expert, Ozan Dayanc, reveals insights from global substation security assessments.

Read this story
Video: STW-Kempen
29. August 2023

Cybersecurity from the Control Center to the Substation

Cybersecurity from the Control Center to the Substation

Read this story
StationGuard Feature: Search In ZeroLine
18. August 2023

Feature Preview: Device Search in ZeroLine

StationGuard has a a new search feature that makes it easy to find all equipment information in your network.

Read this story
StationGuard Feature: Automatic Device Classification
18. August 2023

Feature Preview: Automatic Device Classification

StationGuard 2.30 will include a new feature that makes it easier than ever to assess and secure your OT network.

Read this story

Eric Heindl

Cybersecurity Analyst, OMICRON

Eric Heindl describes himself as an IT guy with a heart for OT cybersecurity. In his role as Cybersecurity Analyst, he analyzes vulnerabilities in OT/IT networks, gives trainings on cybersecurity aspects of web applications and websites, and demonstrates cyber attacks on substations and energy operators.