implementation of best practices; most are regularly updated and were designed for practical application (Table 1). Additionally, there are official websites that offer useful resources for designing secure systems (Table 2).
Name
Description
Web page
Guides industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that any organization can use. The ISO/IEC 27001 standard guides the establishment, implementation, maintenance, and continual improvement of an ISMS. ISO/IEC 27002 offers best practices and control objectives related to key cybersecurity aspects. The ISA/IEC 62443 series of standards defines requirements and processes for implementing and maintaining electronically secure industrial automation and control systems (IACS) The Guide to Operational Technology (OT) Security provides guidance on how to secure operational technology (OT) while addressing its unique performance, reliability, and safety requirements. The Zero Trust Architecture. This document contains an abstract definition of zero trust architecture (ZTA) and gives general deployment models and use cases where zero trust could improve an enterprise’s overall information technology security posture.
https://www.nist.gov/cyberfra mework
NIST CSF 2.0
https://www.iso.org/standard/ 27001 https://www.iso.org/standard/ 75652.html https://www.isa.org/standard s-and-publications/isa- standards/isa-iec-62443- series-of-standards https://csrc.nist.gov/pubs/sp/8 00/82/r3/final
ISO/IEC 27001 & 27002
IEC 62443 (series)
Securing ICT in Special Premises: Lessons from Underground Mines, Rail Systems, Airports, and Campuses
NIST SP 800-82 (OT Security)
By Javier Macias
https://csrc.nist.gov/pubs/sp/8 00/207/final
Cyber threats to every interconnected environment are increasing rapidly. The average time for an adversary to move across a network has dropped to a record low of 48 minutes, with the fastest breakout happening in just 51 seconds. As technology helps the industry achieve better and more efficient results, the threats are also rising. Additionally, 53 percent of attacks target North America, and among the top 10 industries most often targeted by intrusions are consulting and professional services, manufacturing, healthcare, telecommunications, industrial engineering, and academia. 1 On the other hand, special sites such as underground mines, rail systems, airports, and large educational campuses, despite their diverse environments, are some of the most challenging contexts for ICT design. Unlike conventional facilities, they combine physical restrictions, safety-critical systems, and harsh conditions that push both technology and design to their limits. A mine is not a static or isolated location; it requires a dynamic, constantly expanding network that must support operations, safety systems, and security simultaneously while remaining resilient against both physical and cyber threats. Technology has driven significant progress in the
industry, improving efficiency, durability, and simplicity. At the same time, increased interconnection between systems has expanded the attack surface, creating new vulnerabilities. Recognizing these risks—and the threats that come with greater connectivity—is crucial to ensuring security is integrated into the design from the start. Considering the changing environment and rapid technological advancements, this article intends to present best practices aligned with established standards and frameworks, based on personal experience, study, and research, with the sole purpose of protecting systems from emerging threats. WHERE TO START? Various cybersecurity standards and frameworks guide the design of systems that inherently need protection. The most important recommendation is to view the project as a system—comprising interconnected components working toward a common goal. This perspective allows you to break down the problem and understand how to safeguard each part, even if you might not have a security background. It is also wise to familiarize oneself with the most used cybersecurity standards, frameworks, and guidance. These references facilitate the
NIST SP 800-207 (Zero Trust)
TABLE 1 : Cybersecurity Standards and Frameworks list. Source: Hatch
Name
Description
Web page
Cybersecurity Infrastructure Security Agency
CISA's goal is to identify and manage risk to the cyber and physical infrastructure. Helps businesses, the public sector, and individuals protect their online services and devices. The ISA/IEC 62443 series of standards defines requirements and processes for implementing and maintaining electronically secure industrial automation and control systems (IACS) NSA Cybersecurity’s goal is to prevent and eradicate threats to U.S. national security systems, and also promotes cybersecurity education, research, and career-building. ATT&CK is a knowledge base of adversarial techniques based on real-world observations. D3FEND is a framework in which a countermeasure knowledge base is encoded, but more specifically, a knowledge graph.
https://www.cisa.gov
https://www.ncsc.gov.uk/
National Cybersecurity Centre
https://www.enisa.europa.eu/
European Union Agency for Cybersecurity
https://www.nsa.gov/Cybersecurity/
National Security Agency/Central Security Service
https://attack.mitre.org/ https://d3fend.mitre.org/
MITRE ATT&CK & D3FEND
TABLE 2 : List of Webpages that host resources for secure systems. Source: Hatch
I
I
38
ICT TODAY
October/November/December 2025
39
Made with FlippingBook - Online catalogs