ICS are widely used to control industrial processes for manufacturing, production and distribution of products. Often commercial, outdated off-the-shelf software is used. Well-known types of ICS include supervisory control and data acquisition (SCADA), where SCADA systems are the largest ICS subgroup.
Recent ICS/SCADA incidents underline the importance of good governance and control of SCADA infrastructures. In particular, the ability to respond to critical incidents, as well as the capacity to analyse the results of an attack in order to learn from such incidents is crucial.
ENISA released a white paper giving recommendations regarding prevention and preparedness for an agile and integrated response to cyber security attacks and incidents against Industrial Control Systems. They identified four key points for a proactive learning environment which will in turn ensure a fast response to cyber incidents and their ex-post analysis:
- Complementing the existing skills base with ex-post analysis expertise and understanding overlaps between cyber and physical critical incident response teams;
- Facilitating the integration of cyber and physical response processes with a greater understanding of where digital evidence may be found and what the appropriate actions to preserve it would be;
- Designing and configuring systems in a way that enables digital evidence retention; and
- Increasing inter-organisational and interstate collaboration efforts.