The risk assessment output will highlight any gaps between the existing or designed security posture and the organisation's tolerable risk. Countermeasures should be defined and implemented to reduce the risk of compromise of IACS (Industrial Automation and Control Systems) assets, whether by external attack or by internal malicious or inadvertent maloperation.
Countermeasures should be appropriate to foreseeable threats and proportionate to the zone's criticality, i.e. the consequence of any compromise: critical zones will require more stringent security countermeasures than supporting or non-critical zones.
Countermeasures should follow the Protect – Detect – Respond concept to:
Countermeasures should be implemented to provide defence in depth, whereby the potential impact of diverse and constantly evolving cyber security threats is mitigated by deploying multiple layers of organisational and technical countermeasures, so that no single countermeasure becomes a single point of failure:
Policies and procedures for:
Policies and processes and/or technical controls for:
Policies and processes and/or technical controls for:
These countermeasures map onto the NCSC Cyber Assessment Framework (CAF) principles used to assess compliance with the UK Network and Information Systems (NIS) Regulations.
Where countermeasures cannot be implemented for identified security gaps, e.g. because of incompatibility with older IACS assets or proprietary firmware, alternative (compensating) countermeasures should be investigated; otherwise the residual security gap should be formally accepted by management and tracked for action at a future system upgrade or replacement under obsolescence management.
HSE OG86, Appendix 5 outlines the basic technical countermeasures expected to mitigate an unskilled attack, i.e. the minimum level of cyber hygiene an IACS operator is expected to implement.
As the cyber security threat landscape is constantly changing, and additional countermeasures are developed against newly discovered vulnerabilities, the IACS risk assessment, including its countermeasures, must be reviewed periodically (at least annually) and whenever new threat intelligence relevant to your organisation's IACS is published.
You can contact =Method below:
E: support@methodcysec.com. T: +44 (0)1462 713313. W: www.methodcysec.com