A Community Security Initiative for Process Control, PLC-Based, and SCADA Systems
Industrial Control Systems (ICS), include Process Control, Distributed Control, PLC-based and SCADA systems, are instrumental in the production of goods and provision of essential services. ICS is the label for the digital technology that collect, monitor, analyze, decide, control, and act to safely produce and move physical things.
Securing cyber-to-physical systems requires our combined focus and the integration of disciplines such as design, planning, and operating engineers with cyber security and technology support.
ICS were initially envisioned to operate in isolated and trusted domains. Our hyper-connected world has boosted productivity and allowed us to leverage information from the plant floor and from around the world. Progress is exciting and our ever-smarter planet has opened our ICS to people both good and bad. The race to connect our world has outpaced our security solutions and taxed people with the engineering understanding and security skills to keep our critical systems safe from advance cyber threats.
It is time to join forces and equip both security professionals and control system engineers with the knowledge and skills they need to safeguard our critical infrastructures. SANS is marshaling community talent and ideas with the goal of contributing resources and supporting engineers and security pros to address ICS security concerns.
There has been progress since SANS started the SCADA Summit seven years ago in addressing less directed security threats. Unfortunately threats have matured and become more focused and targeted. Today, advanced cyber threats pose a danger to companies and organizations that rely upon industrial control systems. SANS is reaching out to combine engineering, industrial automation expertise, and cyber security experts to provide instruction that addresses cyber challenges to provide reliable and safe automation for critical infrastructures.
Critical questions need to be answered, such as... If security strategies and solutions are failing to keep attackers out of Internet facing IT systems, how are we going to maintain the integrity and protect ICS? We believe an essential piece of the response is to best develop engineers and security professionals to meet this challenge head on. - Michael Assante