Government Guidance on Industrial Cybersecurity

By Eric Cosman

ARC Report Abstract

Executive Overview

Protection of critical infrastructure and key resources from unintended compromise or deliberate attack is a well-established imperative in most industrialized nations.  Although the initial emphasis may have been on physical protection, the growing awareness of the risks associated with inadequate industrial cybersecurity have led to the inclusion of threats and vulnerabilities in this area in national response plans.

Industrial control systems are an important element in most areas of the critical infrastructure.  These systems have been the focus of a great deal of effort to prevent related cyber incidents.  We now have a considerable body of knowledge and experience on this subject.  The sheer volume of information, combined with the inherent complexity of the subject, often presents a challenge to asset owners as they struggle to identify the specific sources that may be most useful and relevant to their situation.  In practical terms, too much information is as bad if not worse than too little information.

It is essential that asset owners can vet the available information with respect to its quality and relevance.

Asset owners commonly look to their suppliers and systems integrators for the guidance and direction required to make the right decisions.  While these sources are valuable, a large amount of information is also freely available from the public sector.

Government agencies and other elements of the government have developed and published a variety of guidelines and information on recommended practices.  This information is typically freely available and can serve as a valuable resource when developing cybersecurity response plans.

This report identifies several of the more common sources and highlights specific guidelines and practices that may be of value. 

The World of Industrial Cybersecurity

CSET and Industrial Cybersecurity csetec.PNGFor close to two decades, governments and the private sector have been focused on improving the security of industrial facilities.  With growing awareness of the risks associated with increasing threats and emerging vulnerabilities, emphasis has been placed on applications in critical infra-structure sectors.  The responses have included new and improved standards, improved designs, and evolving technology and services.


Table of Contents

  • Executive Overview
  • The World of Industrial Cybersecurity
  • Challenges Remain
  • Elements of the Response
  • Useful Resources Available
  • Recommendations


ARC Advisory Group clients can view the complete report at ARC Main Client Portal or at ARC Office 365 Client Portal

If you would like to buy this report or obtain information about how to become a client, please Contact Us  


Engage with ARC Advisory Group