Without services from sectors like energy, water, transport and communications, the UK could suffer serious consequences including severe social disruption or even loss of life. It means the infrastructure that underpins those sectors is critical.
Protecting these critical services is becoming more complex as providers become increasingly reliant on modern industrial control systems (ICS) to deliver their core operations. These systems are constructed from widely available off-the-shelf technologies. While they deliver significant cost and performance benefits, they also dramatically increase the threat of cyber-attacks that could result in a security breach.
To manage these risks and support the UK Government’s cyber security strategy, we worked with the Centre for the Protection of National Infrastructure (CPNI) and the UK’s National Technical Authority for Information Assurance (CESG) to create a framework of ICS guidance documents and a companion security assessment tool. The CPNI and CESG have published the guidance documents and the tool is now available nationwide.
The Security for Industrial Control Systems (SICS) framework gives critical infrastructure organisations practical guidance and helps them develop a thorough understanding of ICS risks. That means they can reduce the likelihood and potential impact of a cyber-incident. Along with the ICS Security Assessment Tool, organisations now have a comprehensive system for assessing their ICS security. And it means best practice is shared across all sectors.
UK industry have welcomed this and organisations overseas are also adopting the approach. The guidance and tool are set to play a key role in protecting vital infrastructure, while making sure businesses can continue to unlock the benefits of valuable new technologies.
The guidance is on the National Cyber Security Centre (NCSC) website and the tool is available through NCSC advisers.