ICS Security

Industrial Control Systems Security
  • Subject matter experts are also welcomed to join the ICS Security WG by submitting your request HERE.
  • Read more about ICS Security WG on our CSA Global page HERE.

Mission Statement: To develop and maintain a research portfolio providing capabilities to assist asset owner in enhancing their ICS security of production site connected cloud.
 
As industrial control systems advance to IoT, industrial control systems (ICS) is connecting to the cloud, and the risk of cyber-attacks is increasing more than ever before. Noteworthy advanced cyber-attacks have occurred in recent years (e.g. Stuxnet, German Steal Mil, Ukrainian Power Grid, etc.). On the other hand, asset owners understand cyber risk to connect ICS to external network including cloud, but there are challenges to mitigate cyber risk due to system specification difference between information system and industrial control systems.

Scope
The scope for the ICS Security working group includes, but is not limited to:
  • Develop more situational awareness for asset owners and device manufacturers
  • Enlightenment C-level
  • Business and system use cases of ICS connected to cloud
  • Cyber-attack trends of ICS
  • Cyber Security Risk Analysis based on Use Cases
  • Analysis of ICS challenges – Awareness, Organization and Process, Knowledge, Technology
  • Industry specific standard, regulations, and risk will be developed

Goals
The ICS Security Working Group aims to develop a proper security guidance to encourage asset owners and device manufacturers worldwide. There will be two documents documenting the guidance as follows:

  • First guide for starting cyber security of ICS – environmental changes of ICS, necessity for implementing measures, challenges of risk mitigation in ICS, practices to build up security enhancement activities.
  • Practical security controls of ICS security – network separation, access control, portable media device management, system vulnerability management, threat management, incident handling, etc.

CSA initiatives that may be relevant for this work will be referenced in this work. Furthermore, alignment to global standards can be achieved through the CSA International Standardization Council.