The same day that the United States’ Department of Energy (DoE) and Cybersecurity and Infrastructure Security Agency (CISA) teamed up to release an infographic of best practices for industrial control systems (ICS), their counterparts across the pond released guidance of their own.
The United Kingdom’s National Cyber Security Centre (NCSC) guidance, Secure Design Principles and Operational Technology, released May 22, also provides a case study, which shows the infographic collaboration between DoE and CISA. As part of the fictional case study, NCSC offered up five design principles: establish the context before designing a system, make compromise difficult, make disruption difficult, make compromise detection easier, and reduce the impact of compromise.
The United States’ infographic details common ICS risk considerations and impacts of cybersecurity events. DoE and CISA also provided eight best practices concerning risk management and cybersecurity governance, physical security, host security, security monitoring, ICS network architecture, ICS network perimeter security, supply chain management, and the human element. Each best practice includes actionable steps IT professionals can take to both strengthen their cybersecurity infrastructure and improve cybersecurity culture and hygiene within their organization.
The infographic also provides links to CISA’s ICS Recommended Practices and DoE’s Cybersecurity Capability Maturity Model Program.