by Krish Sridhar, P.E, GSEC, MBA
The design and implementation of Industrial Control Systems (ICS) cybersecurity program poses significant challenges due to the stringent requirements of a manufacturing plant and how control systems and their networks are engineered, operated and maintained. While industry has made significant strides in gaining awareness and applying resources to address these requirements, many organizations have also come to realize that implementing cybersecurity measures in the ICS environment – also referred to as Operations Technology or OT, is challenging and quite different from implementing cybersecurity in the enterprise IT environment. Many of the concepts proven and accepted in enterprise IT are either too difficult and/or complex to execute or simply not relevant to the operating environment. Guidance provide by the NIST framework and other publications are helpful to getting started, and experience also dictates that there are a core set of cybersecurity elements for the ICS environment that must be done right. This paper highlights the uniqueness of the ICS environment and offers core principles for a successful development and launch of an ICS cybersecurity program.