Maturity and the ICS Cybersecurity Lifecycle

By Eric Cosman
Category: ARC Report Abstract

The need to secure industrial control systems (ICS) from network and computer-based attack and compromise has received a great deal of attention in recent years. A simple web search for the term “ICS Cybersecurity” will result in hundreds of thousands of references. Many are standards, guidelines, and similar documents that address what is required for an effective response.

For some time, experts have advised using a project-based approach for defining what is required to assess and modify current systems or design new ones to achieve a level of security appropriate for a given level of risk. Unfortunately, such an approach is not sufficient, since it focuses almost exclusively on defining and implementing a security-related response for existing systems. It does not necessarily consider what is required for the ongoing support and eventual replacement of these systems, or for specifying and selecting new systems.

A more comprehensive approach must consider all phases of the system lifecycle of the industrial control system. It is important to address what is required to maintain a desired level of security while operating and maintaining a system in response to evolving risks. This requires periodic assessments of the cybersecurity management program to identify opportunities for improvement. These assessments require very specific criteria for each aspect of the program.

Those responsible can define criteria in terms of various levels of maturity, using formal or informal models.

ARC Advisory Group clients can view the complete report at ARC Client Portal on Office 365 or Box.com


Keywords: ICS Security, Lifecycle, Maturity, Maturity Level, Metrics, Performance, Risk Management, ARC Advisory Group.
