RIPE, the Robust ICS Planning and Evaluation Program by The Langner Group, is continually improved based on real-world customer feedback. We produce new versions annually. The new version, dubbed RIPE 16 (16 instead of 2016), will be released at the beginning of May. Here are some of the highlights.

New in RIPE 16: Incident Management

We are introducing a completely new module for incident management, referenced as RIPE IM-16. It addresses two sober facts: First, the vast majority of asset owners don’t have an incident management capability for OT. Second, existing incident management strategies from IT cannot be applied to OT.

Incident Management in RIPE is understood as the organized capability to minimize the adverse effects of potential and actual cyber incidents in the most efficient way possible by predetermined procedures coordinated and executed by a competent incident response team.

A cyber incident in the context of RIPE is defined as a threatened or actual violation of authorized OT system or network configuration and usage. Cyber incidents do not necessarily have a malicious cause. Apparently the majority of actual cyber-physical incidents on the record have their roots in accidental circumstances or in humans acting in the best intent but in violation of policy (such as when reconfiguring OT systems without authorization). However, random equipment failure is not regarded as an incident because a random event does not violate anything.

Incident Management in the OT space has different characteristics when compared to office IT:

  • Physical consequences cannot be remedied by restoring from backup tapes
  • Cyber incidents in OT may have safety impacts
  • The more serious incidents cannot be assessed and mitigated without the help of operators and engineers
  • Cyber-physical events occur in realtime and may therefore require immediate response by operators and incident managers alike in order to prevent or minimize physical harm
  • Even more than in IT, flawed incident response may make matters worse.

The new module includes specific standard operating procedures for addressing potential cyber incidents which are grouped into various postulated incident categories, ranging from unauthorized (but well-intended) configuration changes by contractors to blended cyber-physical attacks including a coordinated head-on attack by a physical assault force.

RIPE 16 overview

The RIPE 16 document set consists of the following documents that can be licensed from The Langner Group:

  • RIPE OT Management Plan
  • RIPE Implementation Plan
  • RIPE System Inventory
  • RIPE Network Diagram Style Guide
  • RIPE Data Flow Diagram Style Guide
  • RIPE Reference Architecture
  • RIPE System Procurement
  • RIPE Workforce Management
  • RIPE Policies and Standard Operating Procedures
  • RIPE Training Curriculum
  • RIPE Incident Management
  • RIPE Capability Metrics
  • RIPE Concepts and Terminology

Proven OT security program with ready-made templates

Over 800 facilities globally are subject to the RIPE Program. Instead of having their custom OT security program being developed by consultants in a risky and costly venture, asset owners are licensing the RIPE Program in order to get started with OT security right away instead of re-inventing the wheel. Contact The Langner Group to learn about licensing terms and conditions.

Supplemented by the myRIPE OT Management System

Anybody wanting to get serious about OT security in today’s complex digital OT environments will quickly understand that these days, a set of MS Word documents and Excel spreadsheets will no longer do. Therefore we are offering the myRIPE OT Management System as a powerful software counterpart to the RIPE Program. myRIPE comes with a full-featured CMDB especially for OT and with an easy-to-use workflow for change management. We are constantly improving myRIPE and will announce new groundbreaking features shortly. Stay tuned!