The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS) strategy: Securing Industrial Control Systems: A Unified Initiative. The strategy—developed in collaboration with industry and government partners—lays out CISA's plan to improve, unify, and focus the effort to secure ICS and protect critical infrastructure.
CISA encourages users—including ICS and critical infrastructure partners—to review Securing Industrial Control Systems: A Unified Initiative for more information.
"Through this “One CISA” initiative, CISA will work with critical infrastructure (CI) owners and operators to build industrial control systems (ICS) security capabilities that directly empower ICS stakeholders to secure their operations against ICS threats. We will also work to improve CISA’s ability to anticipate, prioritize, and manage nationallevel ICS risk," says Christopher Krebs, Director, Cybersecurity and Infrastructure Security Agency .
According to CISA, this effort will be organized in four pillars:
- PILLAR 1: Ask more of the ICS community, and deliver more to them.
- PILLAR 2: Develop and utilize technology to mature collective ICS cyber defense.
- PILLAR 3: Build “deep data” capabilities to analyze and deliver information that the ICS community can use to disrupt the ICS Cyber Kill Chain.
- PILLAR 4: Enable informed and proactive security investments by understanding and anticipating ICS risk.
Krebs adds, "ICS security presents unique challenges. Traditional ICS devices used to manage industrial processes are difficult to secure without creating unacceptable disruptions to critical industrial processes. The largescale use of newer technologies—such as 5G cellular networks, artificial intelligence, pervasive machine-tomachine communications, and advanced data analytics— introduces both advantages and additional uncertainties and may significantly change the ICS risk landscape. Most importantly, because ICS manage physical operational processes, the increasing convergence of information technology (IT) and operational technology (OT) creates opportunities for exploitation that could result in catastrophic consequences, including loss of life, economic damage, and disruption of the National Critical Functions (NCFs)1 upon which society relies."
For the full guide, visit https://www.cisa.gov/sites/default/files/publications/Securing_Industrial_Control_Systems_S508C.pdf