The U.S. Army Corps of Engineers has released initial guidance for implementing facility-related cybersecurity requirements into all USACE-executed projects to help ensure USACE consistently delivers its customer cyber secure facilities.
Engineering and Construction Bulletin 2015-14, Integrating Cybersecurity Requirements, applies to all USACE projects involving facility related platform information technology (PIT) systems, such as industrial control systems, utility monitoring and control systems, electronic security systems, building automation systems, supervisory control and data acquisitions systems and similar control systems.
While information technology (IT) and ICS systems share similar characteristics, they have very different priorities and risks. To help ensure consistency and mitigate risks, USACE recommends project managers coordinate cybersecurity requirements for PIT systems with the USACE Industrial Control Systems (ICS) Cybersecurity Technical Center of Expertise (TCX) located at the Engineering and Support Center, Huntsville.
The Huntsville Center team helps ensure adequate cybersecurity requirements are integrated into the planning, design and acquisition phases for military construction projects.
In conjunction with its Army, Navy and Air Force counterparts, the USACE ICS Cybersecurity CX is developing a Unified Facilities Criteria (UFC) that will address cybersecurity requirements for PIT systems. This UFC is anticipated to be published in fiscal year 2016. USACE is also planning to develop a cybersecurity Unified Facilities Guide Specification (UFGS) in FY16 that will document all execution requirements and contract submittals.
For complete guidance, refer to the ECB available online at http://bit.ly/1E5kC0Q.
Release no. 15-044