We’re focused on…
Incident Command System for Industrial Control Systems (ICS4ICS).
It’s a command system designed to improve the global capabilities of Industrial Control System cybersecurity.
It leverages the Incident Command System (ICS) outlined by FEMA, which is used by first responders around the world when they respond to high-impact events – from road traffic accidents and industrial accidents to fires, hurricanes, earthquakes, and more.
The ICS has been used and tested for over 30 years in emergency response situations, by governments and private sector organisations.
And ICS4ICS takes this system into cybersecurity. In July 2021, ICS4ICS announced that four people had obtained their Incident Commander credentials through the very first cybersecurity first responder program.
One of those four people was Megan Samford, who had a background in critical infrastructure protection and emergency management. She worked for the US Governor’s Office of Virginia, before a hiring manager on the Product Security Incident Response team at General Electric encouraged her to apply for a cybersecurity role.
Samford came to speak at Black Hat MEA 2023 – and we interviewed her on this.
What does ICS4ICS aim to achieve?
“Going back to when I worked in government and gained experience in emergency management, I also gained experience in a system used across all federal, state and local governments, and really most first responders in the world: incident command system.
“Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve global Industrial Control System cybersecurity incident management capabilities leveraging the Incident Command System for response structure, roles, and interoperability.”
So how does ICS improve emergency response efforts?
Here’s what Samford told us:
🚩Standardisation. It offers a standardised, structured approach to emergency response so that emergency responders can work together seamlessly, regardless of their agency or organisation. This allows for effective communication, coordination, and collaboration between different emergency responders.
🚩Coordination. It facilitates coordination and collaboration between multiple agencies and organisations by establishing clear roles, responsibilities, and communication protocols.
🚩Flexibility. ICS is a flexible system that can be adapted to respond to different types of incidents, from natural disasters to hazardous materials incidents – and even to cyber attacks.
🚩Clear Command Structure. It establishes a clear command structure, with a single Incident Commander who is responsible for managing the response effort. This promotes rapid and effective decision-making and helps to ensure that resources are deployed where they’re most needed.
🚩Effective Resource Management. ICS facilitates effective resource management by providing a framework for identifying and prioritising resource needs, and for deploying resources in the most effective manner – so emergency responders have the resources they need to respond to the incident.
ICS4ICS is built around community and collaboration
Something that’s really interesting about ICS4ICS is that it’s not a static theoretical framework, delivered from the people at the top of an organisation to the people at the bottom.
Instead, it’s a system that has been developed from years of real work, and real emergency response – and it relies on the experience and input of real emergency responders and cybersecurity professionals.
As Samford said,
“I have a great group of peers in the industry that support me and I try to support them. To have friends, you have to be a good friend, and I think the ICS Cybersecurity community is very much like that; if you put in and give to this community, it will give back to you.”
ICS4ICS recognises that cybersecurity is, at its core, a field of disaster response. And that means that the established and functional practices for responding to disaster in other, non-cyber settings can be hugely valuable to cyber attack responders.
Read our full interview with Megan Samford: Is cybersecurity a disaster science?