Securing an Industrial Control System (ICS) environment has always been one of the most important considerations for any business but as these systems have evolved from closed, proprietary environments to the modern IP connected systems that we see today, the security risk has evolved with it. Additionally, as the drive towards more connectivity using IP systems gathers speed, it brings with it all the associated vulnerabilities and malware that have already been seen in the IT side of the house. This includes understanding your responsibilities to comply with various regulation(s) such as the EU NIS Directive as well as educating your staff in what to look for and how to report anomalous behaviour. There has also been a growth in understanding how your risk may be increased by the lack of security in your Supply Chain.
A modern ICS is subject to all the threats and vulnerabilities that any normal office network may encounter and, as the attackers are gaining more knowledge about what these systems actually do, the attack is less likely to come from the 'script-kiddies' who seek notoriety but is more likely to come from criminal or state-sponsored groups whose motivation, resources and skills are far more advanced.
We have successfully been delivering hands-on, instructor-led ICS Security courses for CPNI/NCSC for over 4 years now and the success of these courses has grown into a secondary market of individual companies requiring additional multiple courses as well as the vendors of products and services who need to understand what the front-line business will be demanding from them.