Close

Content Author


Jalal Bouhdada

Founder & CEO

Having led Applied Risk since he founded the company in 2012, Jalal is responsible for Applied Risk’s industrial security services and product development. Jalal has led many complex ICS cyber security projects for major global clients, including some of the world’s largest industrial companies and utilities. As a global thought-leader on industrial control systems security and critical infrastructure protection, Jalal is an active member of several professional security societies and has co-authored ICS security best practice guidelines for ENISA and the ISA 99. He also frequently lectures to private and public audiences around the world.

I Stock 490591816

Establishing a Comprehensive ICS Security Framework

Jalal Bouhdada

Founder & CEO

Having led Applied Risk since he founded the company in 2012, Jalal is responsible for Applied Risk’s industrial security services and product development. Jalal has led many complex ICS cyber security projects for major global clients, including some of the world’s largest industrial companies and utilities. As a global thought-leader on industrial control systems security and critical infrastructure protection, Jalal is an active member of several professional security societies and has co-authored ICS security best practice guidelines for ENISA and the ISA 99. He also frequently lectures to private and public audiences around the world.

Industrial Control Systems security can be a complex requirement for many businesses already faced with ensuring control systems uptime and resilience. Progressive technology convergence changes have led to an increase in the number of Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) components using Commercial off-the-shelf (COTS) Microsoft Windows, Unix operating systems and IP network protocols.

The technological differences between IT and OT that had traditionally kept these different disciplines separate are now rapidly disappearing. It is no longer sufficient to rely on the proprietary nature of the technologies used within the industrial automation sector to provide an appropriate level of security. ICS systems now face increased threats from unauthorised users, misuse (including accidental employee behaviour) and malicious software, such as malware and ransomware. Consequently an ICS Cyber Security Control Framework needs to be an integral part of every organisations overall security strategy.

An ideal ICS/SCADA security control framework should have the following characteristics:

  • Adaptive and comprehensive approach to deal with emerging cyber threats
  • Address the ICS business requirements (Availability and Integrity) of control systems
  • Meets the risk management and performance requirements typical of control systems
  • Scalable to adhere to applicable industry standards (IEC 62443, NIST 800-82) and regulations

The Applied Risk’s proposed ICS security framework can be subdivided into the following key controls:

The ICS security framework can be used by organizations to establish their control system security program, including OT operational security policies/procedural and risk control framework, which can be further used for security and risk assessments initiatives of the organization’s industrial assets.

Asset owners and operators can build upon the SCADA security framework to frame short-, medium- and long-term security plans by selecting appropriate tools, trainings and technologies to secure their OT infrastructures.

To help mitigate the negative effects of breaches and non-compliance, Applied Risk can help you reduce your industrial cyber security risk.

View our Industrial Cyber Security Services to learn more.

Thank you for your submission!