Method Functional Safety
Define and Implement Counter Measures

The risk assessment output will highlight any gaps between the existing or designed security posture and an organisation’s tolerable risk. Countermeasures should be defined and implemented to reduce the risk of compromise by external attack, or by internal malicious or inadvertent maloperation, of IACS (Industrial Automation and Control Systems) assets.

Countermeasures should be appropriate to foreseeable threats and proportionate to the zone’s criticality or the consequence of any compromise, i.e. critical zones will require more stringent security countermeasures than supporting or non-critical zones.

Countermeasures should follow the Protect – Detect – Respond concept to:

  • Minimise the chance of initial intrusion,
  • Detect indicators of compromise,
  • Minimise the impact of compromise by responding to an attack in an appropriate and timely manner.

Countermeasures should be implemented to provide defence in depth whereby the potential impact of diverse and constantly evolving cyber security threats can be mitigated by deploying multiple layers of organisational and technical countermeasures to remove any single point of failure:

Organisational Countermeasures

Policies and procedures for:

  • Governance
  • Risk Management
  • Asset Management
  • Supply Chain Management

Protective Countermeasures

Policies and processes and/or technical controls for:

  • Service Protection
  • Identity and Access Control
  • Data Security
  • System Security
  • Resilient Networks and Systems
  • Staff Awareness and Training

Detect and Respond Countermeasures

Policies and processes and/or technical controls for:

  • Security Monitoring
  • Response and Recovery Planning

These countermeasures form part of the NCSC CAF principles for assessing compliance with the UK Network & Information Systems (NIS) Regulations.
Where countermeasures cannot be implemented for identified security gaps, e.g. due to incompatibility with older IACS assets or proprietary firmware, alternative countermeasures should be investigated or the security gap agreed by management and tracked for action at a future systems upgrade or replacement under obsolescence management.

HSE OG86, Appendix 5 outlines the basic technical countermeasures expected to mitigate an unskilled attack, i.e. the minimum level of cyber hygiene an IACS operator is expected to implement.

As the cyber security threat landscape is constantly changing and additional countermeasures are developed against newly discovered vulnerabilities, the IACS risk assessment, including its countermeasures, needs to be reviewed periodically (at intervals of no more than a year) or whenever new threat intelligence relevant to your organisation’s IACS is published.


Address: Method Cyber Security Ltd., Method House, Davis Crescent, Hitchin, SG5 3RB
Phone: +44 (0)1462 713313

Terms and Conditions | Privacy Policy. Registered in England 08453480. VAT No. GB 96 3453 69. Site © Copyright Method Cyber Security Ltd 2024