Industrial Control Systems Technical Security Assurance
This Position Paper presents the findings from a CREST project on the Technical Security Assurance of Industrial Control Systems (ICS). This document is based on detailed research and includes insights, commentary and analysis garnered from subject matter experts through:
- Requirements and validation workshops held at CREST member facilities
- Desktop review of published literature on ICS security and ICS security testing
- Structured interviews with subject matter experts on ICS security
- Review of the US Department of Homeland Security (DHS) and the UK Centre for the Protection of National Infrastructure (CPNI) document Cyber Security Assessments for Industrial Control Systems
- Analysis of the input pack on ICS security and ICS technical security assurance that was completed by workshop participants and members of the project review group.
The purpose of the Position Paper is to set out the main challenges and possible solutions for gaining technical security assurance of Industrial Control Systems. It provides the basis for further work on
the development of detailed guidance material that can be used by specialists to help secure ICS environments and in particular those that make up the Critical National Infrastructure.
The scope of the Position Paper has been restricted to focus on the main topics related to technical security assurance of ICS environments that have emerged from the project research. It has therefore not included topics that are either very generic or very specific.
Download a copy of the CREST Industrial Control Systems Position Paper here (PDF)