Your Solution for SMART Response Plans

Cyber-Security for ICS Necessary in Business Continuity Planning

Posted on Thu, Nov 21, 2013

The 2013 Global Risk Report ranks cyber-attacks in the “Top Five” of highly probability occurring incidents within the next ten years. According to the report, cyber-attacks and critical system failures are considerable technological risks to companies and organizations across the globe.

As technology dependencies become more ingrained in company operations, it is essential to institute company-wide best practices for risk analysis, computer security, downloads, and backups in order to secure necessary integrated technologies. A recent report by The European Union Agency for Network and Information Security (ENISA) highlighted security concerns over Industrial Control Systems (ICS), including the widely utilized Supervisory Control and Data Acquisition (SCADA) systems, distributed control systems (DSC), and programmable logic controllers (PLC). These concerns are echoed in recent publications by the Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT).

ICS are often used to control industrial processes, such as manufacturing, product handling, production, and distribution, and is a necessary element to promote business continuity. The main concern expressed by ENISA and ICS-CERT is that prevalent industrial control systems are riddled with varying outdated and un-patched software, leaving them exposed and vulnerable to hackers and cyber-attacks. Mitigating this high risk is critical for maintaining continuity of operations.

Recent SCADA and ICS security incidents greatly emphasize the importance of vigilant observation, analysis, and control of SCADA infrastructures. The ICS-CERT quarterly newsletter entitled Monitor, stated that the response team responded to 198 incidents across all critical infrastructures in 2012. That number was surpassed by May 2013 with energy infrastructures comprising 53 percent of the targeted attacks.  That percentage was up from 41 percent in 2012.


ICS-CERT urges operators to embrace coordination by sharing attack data, specifically indicators of system compromises, and established a secure portal to allow companies to actively engage in protecting critical infrastructure. Through the portal, ICS-CERT was able to identify 10 IP addresses that participated in a recent attack against a gas compressor station. The alert prompted other station owners to investigate their own networks and they eventually reported another 39 IP addresses associated with attacks.

According to ENISA, critical infrastructure companies should employ continual risk-based assessments of cyber security policies to prioritize and tailor recommended guidelines and solutions to fit specific security, business, and operational requirements. ICS-CERT offers recommended practices, vetted by subject-matter experts, to bolster technology security. In addition to these recommended practices, identifying procedural details of computer backups, data restoration methods, and minimum software requirements are crucial to re-establishing technology and business continuity of critical business processes, in the event of an attack.  

There must be a mutual understanding between IT personnel and crisis managers regarding their respective roles, available resources, security efforts, and response measure during cyber disruption events.  The ability to respond to critical incidents and identify root causes are key aspects in the ability to mitigate potential threats. With technology-based incidents, analyzing the deficiencies that led to IT downtime enables countermeasures to be implemented. ENISA offers four key areas that promote investigative capabilities that allow mitigated efforts: These key areas include:

  1. Facilitate integration with existing structures
    • Determine source of evidence of security breach
    • Clarify data retention impact on systems
    • Streamline operational and IT interfaces
  2. Safeguard systems and configurations
    • Deploy security controls
    • Ensure logging controls
  3. Review key roles and responsibilities
  4. Embrace partnership coordination and cooperation


Free resources from TRP Corp: Receive the Example Response Procedures Flow Chart

New Call-to-Action

Tags: ICS, Security plans, Department of Homeland Security, Data Loss, Cyber-Security, Data Backup