ISACA has published a new guide about the current cybersecurity threat for industrial control systems (ICS). Titled “Industrial Control Systems: A Primer for the Rest of Us,” the guide takes a deeper look at ICS and why security practitioners face a daunting challenge in defending an infrastructure that is often full of antiquated technology.
According to the guide, ICS were never intended to be interconnected, but are now more vulnerable because of their convergence with traditional information and communications technology (ICT).
The guide discusses the differences and similarities between ICS and IT; ICS has an operational focus and IT is system or task-specific. Regardless of their differences, threat agents and attack vectors are the same for both systems.
A section called “Defining Industrial Control Systems” provides an in-depth overview of what comprises today’s ICS—generally understood as systems such as electricity, water and energy production as well as manufacturing and distribution.
“ICS were originally designed to perform tasks in environments that were separate and apart from traditional IT systems,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “In today’s environment, understanding IT risk and governance principles is increasingly critical to the ICS community, especially in converged enterprises.”
The guide suggests there are great advantages to creating and sustaining cross-functional teams between ICS and IT cybersecurity professionals. This scenario will help both teams leverage development and execution of enterprise cybersecurity strategies.
Comments
Post a Comment