The Cybersecurity and Infrastructure Security Agency (CISA) released a strategy today intended to “strengthen and unify industrial control systems (ICS) cybersecurity for a more aligned, proactive, and collaborative approach to protect the essential services Americans use every day.”
The strategy, dubbed the Securing Industrial Control Systems: A Unified Initiative, will help the ICS community build out new capabilities that will lead to more secure ICS operations. “Ultimately, it strives to move CISA and the ICS community beyond reactive measures to a more proactive ICS security focus,” CISA said in a statement.
“In recent years, we have seen industrial control systems around the world become a target for an increasing number of capable, imaginative adversaries aiming to disrupt essential services,” said Christopher Krebs, Director of CISA. “As attackers continue trying to exploit vulnerabilities in ICS, we need to make sure we’re staying ahead of them. Together with our partners in the ICS industry and the security community, this strategy will lead us to new, unified initiatives and security capabilities that will markedly improve the way we defend and secure ICS.”
The new initiative is a five-year plan that builds on prior collaboration between CISA and the ICS community, as well as existing support CISA provides to the community. The initiative also elevates ICS security as a “priority” within CISA, coalescing CISA’s organizational attention around the implementation of a unified, “One CISA” strategy.”
CISA said that the initiative organizes its efforts around four “guiding principles” and provides the agency’s “vision” for each of the principles.
- “Ask more of the ICS Community, deliver more to them – CISA will reinvigorate and deepen our existing partnerships while also expanding the scope of engagements with the broader ICS community to empower CISA’s partners to mitigate ICS risk.
- Develop and utilize technology to mature collective ICS cyber defense – CISA will develop and promote easily accessible, deployable, and inexpensive ICS tools and capabilities to help asset owners secure ICS against all adversaries.
- Build ‘deep data’ capabilities to analyze and deliver information that the ICS community can use to disrupt the ICS cyber kill chain – CISA will diversify data partnerships, further define ICS data needs, and support efforts to increase the ingestion of additional data differentiated by source, type, and consequence to increase visibility into ICS threats and vulnerabilities.
- Enable informed and proactive security investments by understanding and anticipating ICS risk – CISA will improve visibility into the risk landscape and use that knowledge to inform investments into proactive initiatives that move the ICS community ahead of the threat curve.”
“ICS security presents unique challenges,” Krebs wrote in the strategy document. “The ICS community must aggressively pursue new ways to outpace our adversaries and elevate ICS security and resilience as a national priority. No entity has the resources or capabilities to counter all ICS threats alone. Rather, the future of ICS security lies in building collective ICS security capabilities through joint investments and collaboration with ICS cyber researchers as well as with our partners in government, the private sector, and academia.”