Cyber Incident Response Plans for Industrial Control Systems

Industrial control systems (ICS) are the integrated hardware and software systems designed to monitor and control the operation of machinery or associated systems in industrial environments. They monitor and manage critical infrastructure, from nuclear power plants to robotic systems across manufacturing plants.

Despite the many threats of cyber-attacks on industrial control systems, cyber security had not previously been a priority for key decision makers, and the system engineer’s main priority was keeping the system and operations up and running.

In the past, industrial control systems were not networked and did not rely on data exchange via the internet. Due to the rapid growth in IoT (Internet of Things), cyber-attacks on industrial systems are now a dangerous threat that can have detrimental impacts on national infrastructure and, in the worst case, result in loss of life. It is important for every industrial control system to have defined processes and an incident response plan in place to mitigate the detrimental impact of cyber incidents.

In this article, we will take a look at the importance of control systems security and implementing an incident response plan for a control system.

A survey conducted by PAC, on behalf of Kaspersky Lab, analysed the future development of industrial control systems cyber security. The survey is based on responses from 320 professionals worldwide with decision-making power in Operational Technology/Industrial Control Systems cybersecurity.

The study showed that 77% of industrial control companies now rank cyber security as a major priority, and believe they are likely to become a target of a cyber security incident involving industrial control systems in the near future. However, 48% of companies, almost half of organisations, do not have a specific industrial control system incident response program in place. 31% of companies experienced one or more incidents last year. An incident response plan should be an integral part of ICS cyber security, as attacks on systems have rapidly increased and methods of attack are ever-changing.

ICS Incident Response Plans

An incident response plan for OT/ICS environments has different priorities and considerations from one for IT (Information Technology) environments. It is important to understand the key differences, to understand what should be integrated within an ICS incident response plan, and to ensure all systems have an appropriate plan. Our experienced consultants can work with you to implement an appropriate incident response and help to identify the key threats and vulnerabilities.

Our incident response plan approach for ICS consists of 2 different components: incident response governance for the entire organisation, and a system-level incident response for each control system.

Our Approach to ICS Incident Response Plans

A successful incident response plan needs to define clear processes for the event of a cyber incident, the risks and vulnerabilities the control system is exposed to, how risks will be addressed, and how business operations and the control systems will be restored.

Our consultants will work with your organisation to identify any applicable ICS assets, conduct a risk assessment on the specific control system and highlight any vulnerabilities or threats to the system. We will also analyse the potential impact a cyber security incident could have on the control system. The risk assessment will also identify options for risk treatment, such as separate segregated environments for critical infrastructure or increased security controls, to ensure the risks are mitigated and the correct measures are in place.

After a risk assessment has been conducted, a tailored incident response plan suited to the control system's requirements can be developed with the guidance of our experienced cyber consultants.

An ICS incident response plan will typically include:

  • Identification of the types of vulnerabilities and potential threats to the control systems, and the types of cyber attacks
  • Instructions and information detailing how to detect cyber incidents and assess their severity
  • Defined roles and responsibilities for key personnel in the event of a cyber incident
  • The appropriate response to a cyber incident, to contain the risk and restore ICS operations back to normal without removing forensic evidence
  • A communication response plan, which details how an incident will be communicated to clients, press, etc. and who will be responsible for the communication

ICS networks can be vulnerable to cyber attacks and it is important to take the correct steps and put the right processes in place. Protect your organisation by having an ICS-defined incident response plan, putting the right mitigations in place and knowing who is responsible for coordinating the incident to reduce downtime and the severity of the incident.

