Industrial control systems at risk

A lack of standards-based technical security testing is putting industrial control environments and critical national infrastructure at risk, says CREST (www.crest-approved.org), the not-for-profit accreditation body representing the technical information security industry, in its latest position paper, ‘Industrial Control Systems: Technical Security Assurance’.
 
According to the report the need to improve cybersecurity in Industrial Control Systems is paramount.  There is a pressing need to improve cyber security in Industrial Control System (ICS) environments to avoid future breaches that could impact critical national infrastructure.
 
The report draws on the diverse views of the Industrial Control Systems and technical security communities and proposes a model for gaining greater assurance in ICS environments. It was based on the findings of a research project - which looked to set out the main challenges and possible solutions for protecting Industrial Control Systems, many of which are based on legacy technologies.
 
Ian Glover, president of CREST. “Research on the project has helped to identify the high-level characteristics of a practical technical security testing approach and organisations should consider how this could add value and protection. It is clear that ICS environments are more sensitive than conventional IT environments and any penetration testing of systems needs to be planned and undertaken with a high degree of trust, skill and caution.”
 
The full report here: http://www.crest-approved.org/wp-content/uploads/CREST-Industrial-Control-Systems-Technical-Security-Assurance-Position-Paper.pdf