Securing an Industrial Control System (ICS) environment has always been one of the most important considerations for any business but as these systems have evolved from closed, proprietary environments to the modern IP connected systems that we see today, the security risk has evolved with it. Additionally, as the drive towards more connectivity using IP systems gathers speed, it brings with it all the associated vulnerabilities and malware that have already been seen in the IT side of the house. This includes understanding your responsibilities to comply with various regulation(s) such as the EU NIS Directive, as well as educating your staff in identifying risks and how to report anomalous behaviour. There has also been a growth in understanding how your risk may be increased by the lack of security in your Supply Chain.

A modern ICS is subject to all the threats and vulnerabilities of any normal office network. As the attackers are gaining more knowledge of what these systems actually do, an attack is less likely to come from the ‘script-kiddies‘ who seek notoriety, and more likely to come from criminal or state-sponsored groups whose motivation, resources and skills are far more advanced.

We have successfully been delivering hands-on, instructor-led ICS Security courses for CPNI/NCSC for over 4 years. The success of these courses has grown into a secondary market of individual companies requiring additional multiple courses, as well as the vendors of products and services who need to understand what the front-line business will be demanding from them.