Skip to content

CPNI

CLIENT STORY

Protecting UK critical national infrastructure by securing industrial control systems

National infrastructure are the facilities, systems, sites, information, people, networks and processes that are necessary for a country to function and upon which daily life depends. So, it’s vital to protect and secure it. To ensure the UK’s critical national infrastructure can withstand the test of the modern world, we worked with the Centre for the Protection of National Infrastructure (CPNI) and the UK’s National Technical Authority for Information Assurance (CESG) to create a framework of industrial control systems (ICS) guidance documents and a companion security assessment tool.

 

Key successes

  • list

    Created a framework of ICS guidance documents and a companion security assessment tool that are now used nationally

  • lightbulb

    Organisations now have a comprehensive system for assessing ICS security and can share best practice across sectors

  • globe

    Our approach is now being used internationally

Protecting services and managing risk

Without services from sectors like energy, water, transport and communications, the UK could suffer serious consequences including severe social disruption or even loss of life. It means the infrastructure that underpins those sectors is critical.

Protecting these critical services is becoming more complex as providers become increasingly reliant on modern industrial control systems (ICS) to deliver their core operations. These systems are constructed from widely available off-the-shelf technologies. While they deliver significant cost and performance benefits, they also dramatically increase the threat of cyber-attacks that could result in a security breach.

To manage these risks and support the UK Government’s cyber security strategy, we worked with the Centre for the Protection of National Infrastructure (CPNI) and the UK’s National Technical Authority for Information Assurance (CESG) to create a framework of ICS guidance documents and a companion security assessment tool. The CPNI and CESG have published the guidance documents and the tool is now available nationwide.

Providing practical guidance and assessment tools

The Security for Industrial Control Systems (SICS) framework gives critical infrastructure organisations practical guidance and helps them develop a thorough understanding of ICS risks. That means they can reduce the likelihood and potential impact of a cyber-incident. Along with the ICS Security Assessment Tool, organisations now have a comprehensive system for assessing their ICS security. And it means best practice is shared across all sectors.

UK industry have welcomed this and organisations overseas are also adopting the approach. The guidance and tool are set to play a key role in protecting vital infrastructure, while making sure businesses can continue to unlock the benefits of valuable new technologies.

The guidance is on the National Cyber Security Centre (NCSC) website and the tool is available through NCSC advisers.

Contact us

Elliot Rose

PA cyber and data privacy expert

Justin Lowe

PA digital trust and cyber security expert