Most commercial and industrial sectors are required to have incident response plans (IRP) and procedures for incident handling. For those industries that don’t have formal regulation, IRPs are still common under best practices. Unfortunately, these plans often satisfy regulatory requirements but do little to prepare the organization and arm responders.
This paper focuses on specific preparations that can be done to ensure incident response (IR) efforts are successful, timely, and executed without unnecessary resources. The primary goal of IR in ICS is the expedited, economical, safe return to a stable state. Identification of the infection vector (IV) through root cause analysis (RCA) is a secondary goal. The primary goal of IR procedures is streamlining the IR process. Preparing for an IR event streamlines return to service and reduces the cost associated with root cause analysis.
After reviewing regulatory documents and client procedures, and assisting clients with IR, Dragos has identified two common shortfalls across industrial networks:
• Guidance and regulation do not explicitly discuss root cause.
• Compliance is not validation that an organization is secure and prepared.