Onboarding the ICS Mindset into Cyber Security Controls

  • Thursday, 13 Aug 2015 3:00PM EDT (13 Aug 2015 19:00 UTC)
  • Speaker: Jason Dely

Successful deployment of effective cyber security measures requires incorporation and adaptation of the ICS staff. The ICS environment has had 20+ years to adopt COTS and IT standards and repurpose these technologies on a path separate from the traditional IT security evolution. Combined with the activities and responsibilities of ICS users, this means that introducing cyber security into these environments requires more than simply selecting and tweaking new or existing technologies. Though some preferred methods used within ICS may seem inappropriate, adaptation to different methods, when appropriate, can and will be difficult. Improving cyber security effectiveness involves exploring the unique characteristics of the Industrial Control System 'user' while balancing business risk and operational risk. Drawn from real-world experience, the 4D's (Determine, Decide, Design and Deploy) describe the development and improvement process uniquely faced within ICS cyber security controls.

  • Determining the operations staff's needs and activities when planning to improve or add cyber security controls.
  • Deciding which technologies to use: who will be impacted, what risk they will address, where they will be deployed, when they will be deployed, and how they will affect operation.
  • Designing and deploying controls that meet the appropriate overall effectiveness without hindrance to system availability or emergency recovery.