Contents
Foreword
1. Executive Summary
1.1. Background
1.2. Cybersecurity Research Methodology
1.3. Findings
2. Study Findings
2.1. Background
2.2. Cybersecurity Research Methodology
2.2.1. Industries Studied
2.3. Findings
2.3.1. Information Technology and Telecommunications
2.3.2. Aviation
2.3.3. Industrial Control Systems, Energy, and NIST
2.3.4. Financial Payments
2.3.5. Medical Devices
2.3.6. Automotive
2.4. Request for Information
2.5. Challenges and Issues
2.6. Observations
2.7. References
Table 1. Industries Studied and Why
Table 2. Details of the Information Security Life Cycle Process
Table 3. PCI-DSS Objectives
Figure 1. Information Security Life Cycle
Figure 2. NRC Regulatory Program
Figure 3. Security Lifecycle and Corresponding NIST Publications
Figure 4. Financial Payment Ecosystem
Figure 5. Information Security Lifecycle Process
Figure 6. Key Observations Mapped to the Lifecycle Process