Wednesday, October 9, 2013

Hot Off the Press! New White Paper from ENISA on Learning from ICS Incidents

Today our friends at the European Network and Information Security Agency (ENISA) published a white paper entitled Can We Learn from SCADA Security Incidents?

The paper is about 10 pages long and offers some ideas on how to organize and perform a systematic evaluation of Industrial Control System (ICS)/SCADA incidents. One helpful element of the white paper is Table 1, which shows a roles matrix for incident response and analysis in control systems. The matrix was extracted from the US Department of Homeland Security (DHS)/Idaho National Labs document Recommended Practice: Creating Cyber Forensics Plans for Control Systems (Table 5).

Overall, I'd suggest you at least skim through the document and use it when developing ICS/SCADA incident response plans. It will offer some useful guidance for programmatic and organizational approaches to ICS incident analysis. The US DHS document referenced above will give you a more thorough technical perspective for ICS post-event forensics.

Thanks again, ENISA! Keep up the good work!