Early Look At EPRI’s Cyber Security Data Sheets (CSDS)

Stage 2

This session will give OSIsoft’s vendor perspective on the CSDS developed by EPRI. A CSDS is generated as an essential artifact of EPRI’s Technical Assessment Methodology (TAM) for vulnerability identification and mitigation. The CSDS, much like the Material Safety Data Sheet it was inspired by, is intended to provide valuable insight into characteristics and hazards of a device or software module. This is a novel approach to vulnerability assessments, and the benefits they hope to deliver to asset owners with the result.

Some areas that will be covered include:

– EPRI’s novel view of threat modeling to our system and the problems it addresses

– the CSDS concept of “residual vulnerability” (a vulnerability in their paradigm is not a flaw, but an inherent property)

– CSDS identifying the surface area, based on analysis of the target’s inherent qualities

– regulation and compliance mapping

Secure Design & Dev