Standards Define Cybersecurity Requirements for Industrial Control Systems Development

By Eric Cosman

ARC Report Abstract


When implementing industrial control systems to monitor and control elements of the critical infrastructure, it has always been crucial to ensure their safe and reliable operation.  Traditionally, those building and operating such systems have focused on mitigating the effects of equipment failure or unexpected process conditions.  In recent years, these concerns have expanded to include the possibility of accidental or deliberate compromise of the computers or networks via a cyber-attack.

Engineering disciplines have defined effective and accepted normative standards for improving both safety and security. In applying these standards, asset owners have focused primarily on protecting their existing systems.  The nature of the response is now well established. It begins with identifying and characterizing the assets requiring protection.  With this information it is possible to assemble and implement suitable countermeasures.

While this approach is reasonable given the size and complexity of the installed base, it is not sufficient. To make long-term gains it is essential to address the fundamental design of industrial control systems.  To the extent possible, these systems must be both safe and secure by design.  Standards must also address the components and technology that make up industrial control systems as well as the processes used to develop them.  Cybersecurity standards are now available to address this need.

ARC Advisory Group clients can view the complete report at ARC Main Client Portal or at ARC Office 365 Client Portal

Keywords: Certification, Cybersecurity, Product Development, Secure by Design, Standards, ARC Advisory Group.
