Thomas Pope, Selena Larson

The cyber threat to industrial control systems, including critical infrastructure, is greatly different than those theorized or targeted by compliance efforts, leaving ICS risk management struggling. The cyber risk to industrial control systems (ICS) is significant and growing and largely unmanaged against the real threats – including threats to life and the physical environment – facing ICS. There are a number of reasons for this: lack of data and visibility into threats, a dynamic threat landscape, and an increasing number of adversaries targeting this space.

We are experiencing an ever-changing landscape challenging our understanding of ICS threats and the threat behaviors, and defense against new threats is not fully addressed in compliance. Furthermore, compliance only leads to a bare minimum of security. Leveraging threat intelligence — knowledge about adversaries based on evidence collected and analyzed by ICS intelligence experts — is critical to securing ICS environments. As the numbers of adversaries and ICS attacks increase, companies need to re-evaluate how they treat risk to their ICS environments outside of natural events. This is especially true for those operating in critical infrastructure.

Read this whitepaper to learn how applying ICS-specific threat intelligence to governance, risk, and compliance (GRC) can greatly reduce an organization’s risk profile and help meet compliance mandates.