In order to develop a robust security posture, All stages of the Cyber Security Management System (CSMS) require to be driven by information about vulnerabilities and informed by assumptions about malicious activity (threats). Combining an understanding of IACS vulnerabilities with awareness of adversaries’ tactics, techniques and procedures (TTPs) helps an organisation develop a proactive, rather than reactive, approach to cyber security and assists business decision makers in targeting investment to mitigate security risks.
The analysis of your business risks needs to be based on a thorough understanding of what you are trying to secure, from the simple network diagram and IACSIndustrial Automation and Control Systems asset register, and what outcomes, identified during Risk Assessment, you are trying to prevent. This allows organisations to focus on risks relevant to their IACS install base and industry sector.
The extent of vulnerability information and threat intelligence an organisation can gather and the efficiency with which the information can be used to enhance the security posture will depend on the maturity of an organisation’s security program and the resources available to analyse and act on vulnerability information and threat intelligence but the following sources should be included (where practicable):
Site operational experience e.g.:
Wider industry / sector attack reports e.g.:
Vulnerability Information Sharing Platforms e.g.:
Security monitoring / threat detection data e.g.:
E: firstname.lastname@example.org. T: 44 (0)1462 713313. W: www.methodcysec.com