Our news section provides you guidance with best practices for managing groups working on cyber security threats for ICS sectors.
Best practices
- Documents detailing a wide variety of industrial control systems (ICS) topics associated with cyber vulnerabilities and their mitigation.
- Measure and control procedures for monitoring large systems, such as Industrial Control Systems.
- The NIST Community Resilience Planning Guide for Buildings and Infrastructure Systems (Guide) and companion Playbook provides a practical and flexible approach to help all communities improve their resilience by setting priorities and allocating resources to manage risks for their prevailing hazards.
- Acknowledging the increasing number and sophistication of cyberattacks against French interests, France recognised in 2008 as a strategic priority the need to reinforce the cybersecurity of critical infrastructures or “Critical Infrastructures Information Protection” (CIIP). In 2013, a dedicated CIIP regulatory framework was established: the “CIIP law”.
- A source of vulnerabilities that have been exploited in the wild. Organisations should use the catalog as an input to their vulnerability management prioritisation framework.
Setting up and managing an ISAC (Information Sharing and Analysis Centres)
- Acknowledging the increasing number and sophistication of cyberattacks against French interests, France recognised in 2008 as a strategic priority the need to reinforce the cybersecurity of critical infrastructures or “Critical Infrastructures Information Protection” (CIIP). In 2013, a dedicated CIIP regulatory framework was established: the “CIIP law”.
- Describe the practical aspects of setting up a new information sharing community, such as an Information Sharing and Analysis Centre (ISAC) or an Information Sharing and Analysis Organisation (ISAO)
- A comprehensive toolkit for establishing and developing Information Sharing and Analysis Centres, or ISACs.
- The European ISAC for organisations in the energy sector
- An ISAC focussed towards organisation in the oil and natural gas industry.r
Training
Miscellaneous
- Talk by Joe Slowik at x33fcon.
- Talk by Dieter Sarrazyn at SANS ICS Security Summit.
- ICS Advisory Dashboards provide ICS asset owners, analysts, CISOs, and researchers with a way to quickly identify new and previously reported ICS Advisories affecting control system assets in OT environments across multiple critical infrastructure sectors.