Information Security Forum launches new report on industrial control systems

May 9, 2018
With many organizations heavily reliant on ICS to support business operations, the potential impact of getting information security wrong can be catastrophic

NEW YORK – May 9, 2018 –The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to for strategic and practical guidance on information security and risk management, has released Industrial Control Systems: Securing the Systems That Control Physical Environments, the organization’s latest report which prepares information security managers and practitioners to evaluate Industrial Control Systems (ICS) information security problems and protect ICS environments. In conjunction with the release of this report, the ISF is launching the ISF ICS Security Program, a flexible and collaborative program to help organizations address the problems they are facing and to make effective, sustainable improvements to information security arrangements in their ICS environments.

The significant concerns about cyber risk raised during research – along with well-publicized cyber security incidents and an increase in media coverage of ICS security vulnerabilities – clearly demonstrates the urgency that organizations should now attach to improving information security across both ICS environments and the Industrial Internet of Things (IIoT). With many organizations heavily reliant on ICS to support business operations, the potential impact of getting information security wrong can be catastrophic. Costs can be extensive, corporate reputation severely damaged and lives can be put at risk. However, many of these same organizations are grappling with fast-changing, interconnected and complex ICS environments. At a time of increasing yet unclear levels of risk, business leaders are questioning the effectiveness of ICS security arrangements.

“In today’s modern, interconnected world, the potential impact of inadequately securing ICS can be catastrophic, with lives at stake, extensive costs and corporate reputations on the line.  As a result, senior business managers and boards are under growing pressure to improve and maintain the security of ICS environments,” said Steve Durbin, Managing Director, ISF. “To improve the effectiveness of ICS security, organizations should implement a tailored, collaborative and risk-based approach. The ICS Security Program detailed in Industrial Control Systems: Securing the Systems That Control Physical Environments presents a practical and structured method for enabling actions that deliver advantages over adversaries and competitors alike.”

The digital revolution that transformed both commercial organizations and governments is now affecting systems deployed in the industrial world – and at an equal runaway pace. Such rapid change has left many organizations struggling to secure these systems and reduce the likelihood of successful attacks. Industrial Control Systems: Securing the Systems That Control Physical Environments aids organizations of all sizes by:

  • Defining ICS, describing how they work in practice and putting them in context of a wider set of assets relating to ICS environments 
  • Highlighting the growing need to protect ICS
  • Describing how to prepare for an ICS Security Program; a practical and structured approach for Improving information security arrangements in ICS environments
  • Explaining the steps required to implement an ICS Security Program effectively 

Industrial Control Systems: Securing the Systems That Control Physical Environments is aimed at senior business executives, up to and including board level. The report focuses on the protection of ICS environments in the industrial world (e.g. power stations, factories, manufacturing plants and transport infrastructure), rather than smaller ICS or ‘process control systems’ installed in offices or similar environments (e.g. air-conditioning and fire suppression). For more information on the report, and to download a copy of the executive summary, please visit https://www.securityforum.org/.

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. The organization is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. By working together, ISF Members avoid the major expenditure required to reach the same goals on their own. Consultancy services are available and provide ISF Members and Non-Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products.

For more information on ISF membership, please visit https://www.securityforum.org/.