News
Vendors

DeNexus debuts DNX cybersecurity framework for OT/ICS risk assessment purposes

August 07, 2023
DeNexus rolls out DeRISK 5.4 with DNX-CSF, enhanced inside data-driven attack and risk modeling

DeNexus has launched DNX CSF, a new cybersecurity framework (CSF) that solves the need for a lightweight, evidence-based risk assessment baseline. The California-headquartered company created its own Cyber Security Framework, DNX CSF 1.0, after extensive customer discussions and research on cybersecurity frameworks and standards.

“A new framework was necessary. A purpose-built, lightweight cybersecurity framework explicitly developed for Operational Technology (OT) / Industrial Control Systems (ICS) assessment purposes; one that’s easy to inform by both questions (interviewing people) and automated assessment (interviewing machines / leveraging telemetry) … and that’s how DNX CSF 1.0 was born,” Jose Seara, founder and CEO at DeNexus, wrote in a company blog post last week. 

He added that the DeNexus team took a methodical approach to the creation of the framework. “DNX CSF aligns with the 23 categories of NIST CSF 1.1, including components of MITRE D3FEND, to produce outcome statements for the security controls that were tangible and easy for the user to understand. At the same time addressing OT cybersecurity and its unique differentiation from Information Technology (IT) systems and networks.”

Although NIST CSF is widely adopted globally as a reference for defining functional cybersecurity, it does not include a simple set of questions that can quickly determine a level of conformance, the post identified. Also, most frameworks do not consider automated versus manual assessments.

Seara pointed out that for organizations that are just beginning their cybersecurity journey, they can begin with the simpler DNX CSF, and later expand to NIST CSF or others as they increase their maturity and experience.

“Just like NIST CSF, the DNX CSF security controls can be grouped by category. We have a total of six (6) categories ranging from Governance to Vulnerability Management,” Seara wrote. “Each category contains at least three (3) security controls. One major objective of this project was to ensure that each security control in DNX CSF was outcome-based to ensure the user could easily understand and answer the control. The security controls are simple language with a focus on clarity and low ambiguity.”

He added that, “We are very excited to incorporate DNX CSF 1.0 to DeRISK v.5.4 and for our customers to use the framework. DeRISK v5.4 also offers NIST CSF 1.1  and  ISO27001, and all of them map to each other, so organizations can use their framework of choice.”

Last month, GridSecurity partnered with DeNexus to allow GridSecurity customers to better identify, mitigate, and transfer their cybersecurity risk. GridSecurity would leverage DeNexus’s cyber risk quantification and management platform, DeRISK, to its fleet of inverter-based renewable power generation plants and control centers.

Industrial Cyber News Desk
Industrial Cyber News Desk

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
TXOne’s Portable Security Pro works towards improving security in ICS environments
TXOne Networks presents SageOne, its new CPS protection platform
Critical Start
Critical Start introduces managed detection and response services for OT environments
Shift5
Shift5 debuts GPS integrity module to combat GPS spoofing risks
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates