While the imperative to improve industrial cybersecurity for both industrial control system hardware and software only started to receive significant attention around 2001, the need to do so has been known for decades. The use of commercial off the shelf (COTS) technology in industrial applications has steadily eroded the traditional “security-through-obscurity” assumptions.
The response to this imperative has evolved through several stages. Rising awareness initially led to the use of compensating measures. This progressed to the development of security requirements for new and existing systems and creation of normative and regulatory standards. Many of the early standards (e.g., NERC CIP) addressed specific industry sec-tors, such as energy and other areas of the critical infrastructure.
More recently, we’re seeing growing acceptance of the fact that many of the different sectors that employ industrial control systems have many common requirements when it comes to cybersecurity. This has led to efforts to apply and adapt standards developed for one sector or industry to others. ARC Advisory Group expects this trend to continue as industry groups, suppliers, and asset owners strive to optimize their response. It begins with acceptance of basic information security-related practices as a starting point and enhancing and extending these to better fit industrial applications.
If you would like to buy this report or obtain information about how to become a client, please Contact Us
Keywords: Industrial Cybersecurity Case Studies, Guidance, ICS, Practices, Standards, ARC Advisory Group.