The Centre for the Protection of National Infrastructure (CPNI) protects national security by providing protective security advice. Protective security is ‘putting in place, or building into design, security measures or protocols such that threats may be deterred, detected, or the consequences of an attack minimised’.
In the past, Industrial Control System (ICS) security was mostly considered as an afterthought, the phase ‘security through obscurity’ was commonplace, this perception has led to many of the issues we face today. Although some of these issue could be resolved by applying standard IT solutions, many remain unresolved due to the particular constraints of ICS. Only by recognising these constraints and implementing industry good practice developed through practical experience can security be improved.
1 – CPNI Related Point
– CPNI Related Detail.
Multiple IT disciplines are required to fully consider all 20 of these controls. IT4A are practiced at delivering the controls that primarily relate to the communication systems and the connectivity of devices.
A Good Practice Guide has been developed by CESG. It is intended for those who are directly responsible for securing ICS – See more at: Security for Industrial Controls – Executive Summary