Abstract: ICS Cyber Incident Response Plan RP

The strength, growth, and prosperity of this nation are maintained by key resources and a functioning and healthy infrastructure. Much of that infrastructure is sustained by a variety of industrial control systems. The term industrial control system refers to supervisory control and data acquisition, process control, distributed control, and any other systems that control, monitor, and manage the nation's critical infrastructure. Critical infrastructure and key resources consist of 18 sectors: Agriculture and Food, Banking and Finance, Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Government Facilities, Healthcare and Public Health, Information Technology, National Monuments and Icons, Nuclear Reactors, Materials and Waste, Postal and Shipping, Transportation Systems, and Water. Simply stated, a control system gathers information and then performs a function based on its established parameters and the information it receives.

Industrial control systems, like traditional business information systems, are coming increasingly under attack by a variety of malicious sources. These range from hackers looking for attention and notoriety to sophisticated nation states intent on damaging equipment and facilities. Included in this mix are disgruntled employees, competitors, and even friendly sources that inadvertently bring malware onto a site.

This document presents recommendations to help facilities that use control systems better prepare for and respond to a cyber incident, regardless of source. The document also suggests ways to learn from incidents and to strengthen the system against potential attacks. The document includes accepted methods and approaches from traditional information technology, but is primarily focused on the unique aspects of industrial control systems.
Full document (PDF)