Insight from Incident Response for Industrial Control Systems

ENISA examined Industrial Control Systems (ICS) cybersecurity incidents to identify lessons learned. Many of these lessons apply to any high-value system.

ENISA – the EU Network and Information Security Agency – examined cybersecurity incidents associated with Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. The findings were published in a white paper, "Can We Learn from Industrial Control System Security Incidents?" (ENISA web site, October 2013). The link references a press release that provides the background and a summary of the paper, as well as access to the white paper itself.

ENISA’s Key Findings from ICS Incidents

ENISA’s key findings apply to many high-value information systems:

  • Coordinate cyber and physical security response processes.
  • Understand the overlap between cyber and physical critical incident response teams.
  • Increase awareness of the location of digital evidence and the appropriate actions to collect and preserve it.
  • Design and configure systems to enable digital evidence retention.
  • Complement existing skills base with ex post analysis expertise.
  • Increase inter-organizational, public/private, and cross-country collaboration efforts.

All of these practices should be addressed in your incident response plan if you are dealing with a high-value system.

Coordinated Response

Let us help you with a response plan review that (1) includes physical security as an extension of your incident response team; (2) addresses evidence collection and control; (3) identifies ex post analysis expertise for more effective incident review; and (4) recognizes inter-organizational communications requirements and opportunities.
