Coordinated Response
Services and tools for incident response management

Insight from Incident Response for Industrial Control Systems

ENISA examined Industrial Control Systems (ICS) cybersecurity incidents to identify lessons learned. Many of these lessons apply to any high-value system.

ENISA – the EU Network and Information Security Agency – examined cybersecurity incidents associated with Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. The findings were published in a white paper: Can We Learn from Industrial Control System Security Incidents?, ENISA website, October 2013. The link references a press release that provides the background and a summary of the paper, as well as access to the white paper itself.

ENISA’s Key Findings from ICS Incidents

ENISA’s key findings apply to many high-value information systems:

  • Coordinate cyber and physical security response processes.
  • Understand the overlap between cyber and physical critical incident response teams.
  • Increase awareness of the location of digital evidence and the appropriate actions to collect and preserve it.
  • Design and configure systems to enable digital evidence retention.
  • Complement existing skills base with ex post analysis expertise.
  • Increase inter-organizational, public/private, and cross-country collaboration efforts.

All of these practices should be addressed in your incident response plan if you are dealing with a high-value system.

Coordinated Response

Let us help you with a response plan review that (1) includes physical security as an extension of your incident response team; (2) addresses evidence collection and control; (3) identifies ex post analysis expertise for more effective incident review; and (4) recognizes inter-organizational communications requirements and opportunities.
