Industrial Control Systems Joint Working Group (ICSJWG)

The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial control systems.

The ICSJWG provides a vehicle for communicating and partnering across all Critical Infrastructure (CI) Sectors between federal agencies and departments, as well as private asset owners/operators of industrial control systems. The goal of the ICSJWG is to continue and enhance the collaborative efforts of the industrial control systems stakeholder community in securing CI by accelerating the design, development, and deployment of secure industrial control systems.

CISA/ICSJWG developed a Fact Sheet for quick reference information about the ICSJWG: ICSJWG Fact Sheet.

ICSJWG Banner and Image

ICSJWG 2020 Fall Virtual Meeting Update

The agency has been monitoring the evolving COVID-19, also known as Coronavirus, situation closely, taking part in interagency and industry coordination calls, and working with critical infrastructure partners to prepare for possible disruptions to critical infrastructure that may stem from widespread illness, should the virus take hold in the U.S. You can find up-to-date information regarding these efforts at Additionally, the agency issued a CISA Insights document titled, “Risk Management for Novel Coronavirus (COVID-19)” detailing steps to help executives think through physical, supply chain, and cybersecurity issues that may arise as a result of this ongoing public health concern,

Fall Virtual Meeting Update!

We appreciate all of the participation and interaction during the presentation sessions!

  • The meeting was kicked on September 21 with an overview of the CISA ICS Mission by CISA Leadership. Day 1 continued with presentations from the community.

  • A Capture the Flag activity was available from the opening of the meeting on September 21 until about 2:30 p.m. Eastern Time on September 22. The CTF exposed analysts to hunting across ICS networks for malicious behavior, with puzzles appropriate for both the beginner and the experienced analyst. Challenges included artifacts generated from IT/OT host forensic data, network data (from both bro logs and pcap), and OT equipment actively being exploited by a threat actor.

  • An updated ICS Training series overview was provided during the virtual meeting on September 22. The overview discussed the CYBER-CHAMP(c) program and allowed questions and answers about the sessions provided after the virtual meeting. These subsequent sessions are scheduled to run after the virtual meeting in September and into October. The training series includes both a Foundational track and an Advanced track. Specific foundational topics will be Cybersecurity Differences within IT and ICS Domains, and Cyber Risks to ICS. Specific Advanced topics will be Analyzing Previously Captured ICS Traffic to Discover Vulnerabilities, and Assessing Wireless Vulnerabilities in an ICS Environment. The Flyer about the training which includes registration links may be found here.

  • The Technical Workshop returned on September 22, with various technical topics presented and provided a question and answer opportunity for participants. Topics included Topics include MALCOLM Overview and Demonstration, On-Site Trends, Incident Response (IR) Planning, and Control Environment Laboratory Resource (CELR) Demonstration.

On-demand viewing of released presentations may be accessed here.

Additional Information

For additional information, please contact us at


Previous Meeting Information

Please find agendas for previous meetings below.

Contact the respective author(s) directly for copies of presentations.  

Please contact us if you have questions.

ICSJWG Newsletters

If you would like to submit an article or whitepaper of general interest pertaining to control systems security, please send it to for consideration. Submitted articles will be reviewed and approved by ICSJWG prior to publishing. Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.

Article submissions for the December 2020 edition are currently being accepted for review until December 4, 2020.

Copies of the current Newsletter and the previous three Quarter's Newsletters may be requested from

ICSJWG Products and Materials

NCCIC/ICSJWG Fact Sheet: ICS Cybersecurity for the C-Level (Six Questions Every C-Level Executive Should Be Asking).
"Common Industrial Control System Vulnerability Disclosure Framework" developed by the Vendor subgroup (July 2012).

ICSJWG Webinar Series

Our Webinar Series is designed to inform the membership and general public about solutions to threats, vulnerabilities, and risks to critical infrastructure and control systems. The search for outstanding and value-added topics is ongoing. Please feel free to send an abstract or short description of any webinar idea to and the Program Office will add it to the topic queue for review and possible inclusion into the series.  Our intent is to have a webinar each quarter of the year.  Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.

Our Next Webinar is Scheduled!

ICSJWG is pleased to announce the next webinar on January 27, 2021 from 1:00 p.m. to approximately 2:15 p.m. Eastern Time.

Save the Date!  Registration will open shortly.

When registration opens, you will be asked to  send an email from a work-related address to We cannot process registrations from public email addresses. 

Past Webinars

Past webinar presentations which have been released are found below and may be requested from the Program Office through If they are still available, they will be forwarded to you upon request.

  • March 2020 – OT Needs 'Special Consideration' Which Means a Modified Approach to Security and True IT/OT Convergence to Achieve a Robust VM Program
  • November 2019 – Secure Operations Technology
  • July 2019 – Persistent Threat-Based Security for ICS Systems
  • March 2019 – Five Ways to Ensure the Integrity of Your Operations
  • September 2018 - The Top 20 Cyberattacks on Industrial Control Systems
  • January 2018 – Life After Ukraine: Industrial Control System Cybersecurity Industry Trends and Strategies
  • October 2017 – Creating Predictable Fail Safe Conditions for Healthcare Facility - Related Control Systems and Medical Devices by Use of System Segmentation
  • July 2015 – Protecting M2M Systems at the Edge
  • October 2014 – The New Paradigm for Information Security: Assumption of Breach
  • June 2014 – Online Real Time Monitoring for Change Identification
  • March 2014 – I Think, Therefore I Fuzz!

Membership in the ICSJWG

By adding you to our membership rolls, you will receive all outgoing messages to the ICSJWG community, including newsletters, meeting notifications, training information, calls for comments, and other announcements.

Volunteer participation, by contributing ideas, sharing information, or working toward solutions for CI security, is encouraged. To get involved supporting a working activity which addresses critical infrastructure security, please let us know your ideas and the ICJSWG Steering Team (IST) and Program Management Office (PMO) will consider them. To get involved with the ICSJWG in general, please contact us at