The consequences of modern cyber-attacks on control systems range from power grid blackouts across large cities or entire regions, to the failure of critical manufacturing equipment with massive financial loss, to the paralysis of smart city infrastructure such as transportation in large municipalities, to serious environmental damage, or worse, injury or death to facility workers.
The obvious choice for ICS security managers and technical defenders is to focus on pre-incident defense – prevention – which has a lot of value! However, facility owners and security managers must not become fatigued by a prevention-only approach and forget to focus on regularly refining steps for effective and optimal engineering MTTR (mean time to recover) for a rapid return to operations.
Establishing ICS-specific network visibility, threat detection based on evolving sector-specific threat intelligence, and incident response tailored to control networks are all critical! They are all requirements of the first stages of maturity towards any effective ICS Security Defense Program.
However, for resilience, given the consequences these imminent intrusions bring, plant owners and operators will do well to ensure that ICS incident response includes effective and rapid engineering system recovery plans. That is, technology solutions and processes, combined with ICS-trained defenders, security managers and engineering teams, must be able to restore control systems to trusted restore points after cyber incidents, natural disasters, human error, or malicious insiders that threaten engineering operations.
This ICS Forum will bring to light lessons learned through a 2022 ICS year in review and reveal suggested actions for ICS incident response with a focus on ICS specific threat detection and rapid engineering system recovery. Topics include the following:
- You Are Not Alone – 5 Critical Controls for Consequence-Driven Incident Response in ICS/OT Environments
- Pre- and Post-Incident Network Collection at the Edge – A Practical Guide for Asset Owners
- Implementing a Zero Trust Framework for Secure Remote Access in ICS