Tuesday, January 26, 2016

Seven Strategies to Defend Industrial Control Systems (ICS)

In December 2015 the US National Cybersecurity and Communications Integration Center (NCCIC) -- often referred to as "EN-KICK" -- published a brief and highly readable white paper, Seven Strategies to Defend ICSs.



This 7-page PDF offers a useful list of seven strategies a company can follow to better protect its industrial control systems.

Not only do the authors offer a quick, one- or two-paragraph description of the actions to be taken, but they also offer quick examples of events that could possibly have been prevented had the advice been followed.

The Seven Strategies include:

  1. Implement Application Whitelisting
  2. Ensure Proper Configuration/Patch Management
  3. Reduce Your Attack Surface Area
  4. Build a Dependable Environment
  5. Manage Authentication
  6. Implement Secure Remote Access
  7. Monitor and Respond

RECOMMENDATION -- SHOW THIS TO YOUR BOARD OF DIRECTORS AND EXECUTIVE MANAGEMENT -- IT IS AN EASY READ AND MAKES THE POINT THAT ICS SECURITY NEEDS TO BE IMPLEMENTED.
