The UK government's Centre for the Protection of National Infrastructure (CPNI) has published new advice for the protection of industrial control systems (ICS).
The ‘Security for Industrial Control Systems’ good practice guide is primarily intended for those who are directly responsible for securing ICS, whether they are looking to establish a new programme or complement one that already exists. It will assist ICS professionals in improving their knowledge of security as well providing IT professionals with insight into the ICS environment. Senior leaders in an organisation will be informed about the rationale for establishing an ICS security capability and the potential activities involved in securing assets.
The guide will also be a useful point of reference for the wider group of ICS stakeholders who do not have direct responsibility for security but have a vested interest in it or who could have an impact on ICS security. It will also be useful for Lead Government Departments (LGDs) who have a responsibility for understanding how to measure the trustworthiness of ICS that underpin or directly provide critical services.
The guidance consists of a number of documents that can be downloaded from here.