- Stop plugging these 7 devices into extension cords - even if they sound like a good idea
- I changed these 6 Samsung TV settings to give the picture quality an instant boost
- I tested a 9,000,000mAh battery pack from eBay that cost $10 - here's my verdict
- The 3 most Windows-like Linux distros to try because change is hard
- This 'unlimited battery' GPS tracker is an integral part of my hikes - and it's on sale
Top 7 Technical Resource Providers for ICS Security Professionals
Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative and faster than ever. So, understanding attackers’ tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker action in 2022. The positive news is that 67% of attempts to deploy ransomware through backdoors were foiled by defenders who disrupted the backdoor before the ransomware could be executed.
When attackers see a weakness, they exploit it. According to the IBM report, although the proportion of vulnerabilities with a known exploit declined 10 percentage points over the last few years, cybercriminals still have access to more than 78,000 known exploits. This access made it easier to exploit older, unpatched vulnerabilities, highlighting the need for a well-defined vulnerability management strategy, including a better understanding of your attack surface and risk-based prioritization of patches.
Acknowledging these threats, organizations are looking to protect their ICS using a nuanced approach. Many specifically encourage their ICS security professionals to hone their skills and training using respected technical resource providers in the field. These providers can also help IT cybersecurity personnel learn about industrial environments and how best to implement cyber controls relative to the uptime and safety of their organizations’ industrial processes.
Towards that end, here are seven providers that ICS professionals can use to train and continuously educate their teams to defend their organizations’ ICS.
1. Global Information Assurance Certification (GIAC)
Website: https://www.giac.org/
Among the State of Security’s 11 respected providers of IT security training, the Global Information Assurance Certification (GIAC) offers more than 30 certifications to aspiring security professionals. Personnel working in industrial security should consider achieving three certifications in particular.
- Global Industrial Cyber Security Professional (GICSP) is a vendor-neutral program that teaches enrollees how to balance IT, engineering, and digital security to protect industrial control systems.
- Response and Industrial Defense (GRID) teaches participants how to take an Active Defense approach toward securing an ICS network.
- Critical Infrastructure Protection helps ICS security professionals bolster their understanding and implementation of NERC-defined terms and CIP standards.
2. Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems
Website: https://www.cisa.gov/topics/industrial-control-systems
Advancing the security and resilience of ICS is one of CISA’s top priorities. As the lead federal agency responsible for helping Critical Infrastructure partners manage ICS security risk, CISA partners with government and industry to deploy the technologies and practices that will guard critical infrastructure from the threats of today while building innovative capabilities to defend against emerging threats on the horizon. CISA offers a wide range of free products and services to support the ICS community’s cybersecurity security risk management efforts. Visit this full catalog of all CISA ICS Service Offerings with additional details for each service listed.
3. Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)
Website: http://ics-isac.org/
The Industrial Control System Information Sharing and Analysis Center (ICS-ISAC) is a non-profit organization whose mission is to “provide members and associated sectors practical information regarding the cybersecurity of their facilities.” Members of the Center enjoy access to real-time intelligence feeds to stay on top of the latest ICS security threats. From the secure membership portal, they can coordinate their defensive measures, access webinar events, and participate in regular conferences and briefings on evolving threats. They can also review additional information provided by dozens of separate knowledge centers.
4. International Society of Automation (ISA)
Website: https://www.isa.org/
A part of the Automation Federation, the International Society of Automation (ISA) is a non-profit organization that caters to tens of thousands of industrial security professionals and other automation personnel worldwide. In cooperation with the American National Standards Institute, ISA has developed various standards specifying fundamental ICS terms and concepts, ICS security system requirements and security levels (IEC 62443) and steps needed to create an ICS security program. It promotes security awareness of these standards via workforce development, training programs, and professional certificate tracks. Additional industrial security system resources provided by ISA can be found here.
5. National Institute of Standards and Technology (NIST)
Website: https://www.nist.gov/
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States government that advances measurement science, standards and technology. The laboratory is responsible for developing the Guide to Industrial Control Systems (ICS) Security – NIST Special Publication 800-82 (PDF), a special publication with two approved revisions as of this writing, while revision three has just gone through public commentary. The document provides guidance on how professionals can secure ICS networks consisting of SCADA systems, distributed control systems (DCS), and other control system configurations like programmable logic controllers (PLC) while they continue to observe each system’s performance, reliability, and safety requirements.
6. The SANS Institute
Website: https://www.sans.org/
Another one of the State of Security’s 11 respected IT security training providers, the SANS Institute offers training in the classroom from a SANS-certified instructor in a self-paced program that is conducted online or in a mentored setting. Industrial security professionals can complete several courses with SANS to advance their careers, including two in partnership with GIAC to obtain GICSP and GRID certification. They can also deepen their knowledge on their own time via perusing SANS’ library of analyst surveys, whitepapers and use cases, as well as by following the training provider’s industrial control systems security blog.
7. Infosec Institute
Website: https://www.infosecinstitute.com/
Infosec Institute, part of Cengage Group, aims to empower all individuals with the resources and skills they need to succeed. The Institute helps security professionals upskill and get certified with 100s of hands-on labs, boot camps and role-based learning paths delivered live online, on-demand or in-person. All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide practitioners from beginner to expert across 52 Work Roles. Infosec curriculum includes the ICS/SCADA Fundamentals Learning Path, which enables professionals to understand the fundamentals of ICS operation and security, from the infrastructure and devices that comprise the system to the architecture, policies and standards that govern operation and their maintenance.
Two for the Road…
Once ICS professionals have referred to the trusted technical providers discussed above, they might want to consider investing in industrial cybersecurity solutions like those offered by Fortra’s Tripwire to gain visibility, implement protective control and perform continuous monitoring to protect against cyber events that negatively affect safety, productivity and quality.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire.