
5.6 Industrial Automation and Control Systems (IACS) Cybersecurity

The knowledge, skills, and abilities needed to understand the purpose and implement the function of cybersecurity in operational technology, including tools and systems.

Critical Work Functions

5.6.1 Differentiate between IT and OT architectures and the operation of these architectures
5.6.2 Manage cybersecurity risk as it relates to IACS
5.6.3 Determine and implement the appropriate tools and methods for IACS cybersecurity
5.6.4 Understand zone and conduit identification
5.6.5 Understand the cybersecurity Security Level (SL) assigned to each zone
5.6.6 Professional development to stay current on threats and remediation methodologies
5.6.7 Incorporate new and emerging cybersecurity defense technologies and trends into proposed solutions
5.6.8 Reassess risk as automation systems evolve

Technical Content Areas

5.6.9 General
• Understand policies and procedures - IT and OT
• Technologies – security lifecycle: assess, implement and maintain
• People – training and motivation
5.6.10 Operational Technology (OT) architecture
• Explain typical OT architecture
• Explain the typical communications network options and communications protocols used in OT architectures, with their relative pros and cons
• Identify the principal drivers of OT systems, particularly process safety and system availability
5.6.11 Networks
• Recognize the impact on OT systems of security hardware and software options such as encryption and intrusion detection (for example added latency on time-critical links, and the risk that an inline device blocks legitimate control traffic)
• Explain guidance on separation of OT and IT system networks and components (for example a DMZ between the enterprise and control networks)
• Identify zones and conduits and implement controls
5.6.12 Operating systems
• Describe how to manage patches to IT and OT operating systems
• Recognize the implications of installed patches to IT and OT systems (an OT patch is normally tested and vendor-approved first and applied in a maintenance window, because an unscheduled reboot or a changed driver can stop production)
5.6.13 Telecommunications
• Describe the communications protocols used in OT architectures, with their relative pros and cons
5.6.14 Information assurance - The standards, procedures, and applications used to protect the confidentiality, integrity and availability of information and information systems; the seven items below correspond to the seven foundational requirements (FR 1 to FR 7) of ISA/IEC 62443
• Identity management and authentication (FR 1, identification and authentication control)
• Access control (FR 2, use control)
• System integrity (FR 3)
• Data confidentiality (FR 4)
• Restricted data flow (FR 5)
• Timely response to events (FR 6)
• Resource availability (FR 7)
5.6.15 Security Lifecycle – The overall business process for managing security of information and information systems
• Understand that security management is a continuous process
• Recognize the key elements which must be present in any security lifecycle: governance, identify, protect, detect, respond and recover
5.6.16 Governance - The knowledge, skills, and abilities needed to successfully manage the process
• Policies and procedures – defining what will be done and how
• Oversight – ensuring the process is working
5.6.17 Identify – The knowledge, skills, and abilities needed to identify the assets to be managed
• Differences between OT and IT systems - recognize the specialized system requirements of OT systems
• Asset management
• Risk management – the systems, tools, and concepts used to minimize cybersecurity risk to an organization and prevent a cybersecurity incident
• Computer defense - describe the impact of computer defense techniques and tools (such as penetration testing and vulnerability scanning) on IT and OT systems and know when to use such techniques or tools; active scanning and exploitation that are routine on IT networks can disrupt or crash PLCs and other OT devices, so on OT they are normally confined to maintenance windows, offline test systems or passive methods
• Contracting and procurement - describe critical IT and OT procurement requirements
• Enterprise strategies - explain the rationale of and adhere to IT and OT supply chain security/risk management policies, requirements, and procedures
5.6.18 Protect – The knowledge, skills, and abilities needed to develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services
• Technologies and architectures – how to make systems secure (firewalls, DMZ, zones, conduits, VPNs)
• Access control – limiting access to systems (role-based access and account management)
• Awareness and training – making users aware
• Data security – protecting valuable information
• Maintenance – managing updates safely and securely – virus scanning, patch management
• Outsourcing – safely outsourcing the entire technology environment (cloud computing, etc.), taking into account the limitations of outsourcing OT systems
• Safe internet behavior – not accessing email or the internet on OT system computers; not installing unauthorized software on OT system computers
• Remote working - restrictions on accessing OT systems from home or outside the secure work areas of the business
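The zone-and-conduit items above (5.6.4, 5.6.5, the 5.6.11 Networks bullets and the Protect technologies bullet) can be made concrete with a small model check. The following Python is an added example, not material from the original page or from ISA/IEC 62443 itself: the zone names, SL values, protocol names, the "it/dmz/ot" labels and the rule that a conduit's controls must reach the SL target of the higher-SL zone it joins are assumptions chosen to illustrate the idea, not a statement of the standard's exact requirements.

```python
"""Zone-and-conduit model check (added example; see lead-in for assumptions)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Zone:
    name: str
    kind: str        # "it", "dmz" or "ot" (assumed labels for this example)
    sl_target: int   # SL-T chosen for the zone, 0..4


@dataclass(frozen=True)
class Conduit:
    src: str                    # zone name traffic originates from
    dst: str                    # zone name traffic is delivered to
    protocols: FrozenSet[str]   # protocols the conduit's controls permit, src -> dst only
    sl_capability: int          # SL-C the conduit's controls (firewall, data diode, ...) provide


Flow = Tuple[str, str, str]     # (src_zone, dst_zone, protocol)


def validate_model(zones: Dict[str, Zone], conduits: List[Conduit]) -> List[str]:
    """Static checks on the model. Returns human-readable findings; empty means it passes.

    Rules used here (assumptions for the example, not the standard's exact text):
      * every conduit endpoint must be a declared zone;
      * an IT zone must not be joined directly to an OT zone (route through a DMZ zone);
      * a conduit's SL-C must reach the SL-T of the higher-SL zone it joins.
    """
    findings: List[str] = []
    for c in conduits:
        label = f"conduit {c.src}->{c.dst}"
        missing = [end for end in (c.src, c.dst) if end not in zones]
        if missing:
            findings.append(f"{label}: undeclared zone(s) {', '.join(missing)}")
            continue
        kinds = {zones[c.src].kind, zones[c.dst].kind}
        if kinds == {"it", "ot"}:
            findings.append(f"{label}: IT joined directly to OT, route through a DMZ zone")
        needed = max(zones[c.src].sl_target, zones[c.dst].sl_target)
        if c.sl_capability < needed:
            findings.append(f"{label}: SL-C {c.sl_capability} below SL-T {needed} of the zones it joins")
    return findings


def classify_flow(zones: Dict[str, Zone], conduits: List[Conduit], flow: Flow) -> str:
    """Decide whether one observed or proposed flow is covered by the model.

    Direction matters: a DMZ->Control conduit says nothing about Control->DMZ traffic.
    """
    src, dst, proto = flow
    if src == dst:
        return "intra-zone"
    matches = [c for c in conduits if c.src == src and c.dst == dst]
    if not matches:
        return "denied: no conduit"
    if not any(proto in c.protocols for c in matches):
        return "denied: protocol not permitted"
    return "allowed"


def example_model() -> Tuple[Dict[str, Zone], List[Conduit]]:
    """Constructed sample: enterprise -> DMZ -> control -> safety, with the safety
    conduit deliberately under-protected so validate_model has something to report."""
    zones = {z.name: z for z in (
        Zone("Enterprise", "it", 1),
        Zone("DMZ", "dmz", 2),
        Zone("Control", "ot", 3),
        Zone("Safety", "ot", 4),
    )}
    conduits = [
        Conduit("Enterprise", "DMZ", frozenset({"https"}), 2),
        Conduit("DMZ", "Control", frozenset({"opc-ua"}), 3),
        Conduit("Control", "Safety", frozenset({"engineering"}), 2),  # SL-C 2 < SL-T 4
    ]
    return zones, conduits


if __name__ == "__main__":
    zones, conduits = example_model()
    for finding in validate_model(zones, conduits):
        print("FINDING:", finding)
    for flow in [("Enterprise", "DMZ", "https"),
                 ("Enterprise", "Control", "modbus"),
                 ("DMZ", "Control", "ftp"),
                 ("Control", "DMZ", "opc-ua")]:
        print(flow, "->", classify_flow(zones, conduits, flow))
```

The same two functions serve both design review (run validate_model over the proposed model before a change is approved) and firewall-rule review (feed each rule as a flow to classify_flow and reject anything that is not "allowed" or "intra-zone"); keeping conduits directional is what catches a rule that lets the control network initiate connections back toward the DMZ or enterprise.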
5.6.19 Detect - The knowledge, skills, and abilities needed to identify threats or incidents
• Intrusion detection tools
• Network monitoring resources
• Attack stages
• Evasion strategies and techniques
• Incident classification
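For the Detect items above, here is an added example (not from the original page) of the kind of rule logic an OT network monitor applies, run over a constructed connection log: a known-good conversation baseline, a zone-boundary rule, a Modbus write-function rule and a port-sweep rule, with each alert tagged with an attack stage and a severity that rolls up into an incident classification. The log format, the control-zone subnet, the host roles and the thresholds are assumptions made for the example; Modbus function codes 5, 6, 15, 16, 22 and 23 are the standard write functions.

```python
"""Rule-based detection over a constructed OT connection log (added example; see lead-in)."""
import csv
from collections import defaultdict
from io import StringIO
from typing import Dict, List

# Constructed sample from an imagined passive network monitor on the control network.
# Record format assumed for this example: ts,src,dst,dst_port,proto,fc
# (fc is the Modbus function code when proto is "modbus", empty otherwise).
SAMPLE_LOG = """\
2024-05-01T10:00:00Z,10.20.1.10,10.20.1.50,502,modbus,3
2024-05-01T10:00:05Z,10.20.1.10,10.20.1.50,502,modbus,3
2024-05-01T10:00:07Z,10.20.1.20,10.20.1.50,502,modbus,16
2024-05-01T10:00:08Z,10.20.1.30,10.20.1.50,502,modbus,3
2024-05-01T10:01:00Z,10.10.5.77,10.20.1.50,502,modbus,6
2024-05-01T10:01:01Z,10.10.5.77,10.20.1.51,22,ssh,
2024-05-01T10:01:02Z,10.10.5.77,10.20.1.51,80,http,
2024-05-01T10:01:03Z,10.10.5.77,10.20.1.51,443,https,
2024-05-01T10:01:04Z,10.10.5.77,10.20.1.51,102,s7comm,
2024-05-01T10:01:05Z,10.10.5.77,10.20.1.51,44818,enip,
"""
FIELDS = ["ts", "src", "dst", "dst_port", "proto", "fc"]

# Assumed site knowledge (the asset inventory produced by the Identify function).
CONTROL_NET = "10.20.1."                 # control-zone address prefix
ENGINEERING_HOSTS = {"10.20.1.20"}       # the only hosts allowed to write to PLCs
BASELINE = {                             # known-good (src, dst, proto) conversations
    ("10.20.1.10", "10.20.1.50", "modbus"),
    ("10.20.1.20", "10.20.1.50", "modbus"),
}
MODBUS_WRITE_FCS = {5, 6, 15, 16, 22, 23}  # standard Modbus write function codes
SWEEP_THRESHOLD = 4                        # distinct control-net ports from one source
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse(log_text: str) -> List[Dict]:
    rows = []
    for rec in csv.DictReader(StringIO(log_text), fieldnames=FIELDS):
        rec["dst_port"] = int(rec["dst_port"])
        rec["fc"] = int(rec["fc"]) if rec["fc"] else None
        rows.append(rec)
    return rows


def _alert(rule: str, stage: str, severity: str, rec: Dict) -> Dict:
    return {"rule": rule, "stage": stage, "severity": severity,
            "ts": rec["ts"], "src": rec["src"], "dst": rec["dst"]}


def analyze(log_text: str) -> List[Dict]:
    """Apply four OT-oriented rules; each alert carries an attack stage and a severity."""
    alerts: List[Dict] = []
    boundary_seen = set()                 # one alert per (src, dst) pair, not per packet
    ports_by_src = defaultdict(set)       # distinct control-net ports touched per source
    for r in parse(log_text):
        src_in_ot = r["src"].startswith(CONTROL_NET)
        dst_in_ot = r["dst"].startswith(CONTROL_NET)
        if dst_in_ot:
            ports_by_src[r["src"]].add(r["dst_port"])
        if dst_in_ot and not src_in_ot:
            # Traffic entering the control zone from outside it, i.e. not via the DMZ path.
            if (r["src"], r["dst"]) not in boundary_seen:
                boundary_seen.add((r["src"], r["dst"]))
                alerts.append(_alert("zone-boundary-violation", "lateral-movement", "high", r))
        elif (r["src"], r["dst"], r["proto"]) not in BASELINE:
            alerts.append(_alert("off-baseline-conversation", "discovery", "low", r))
        if (r["proto"] == "modbus" and r["fc"] in MODBUS_WRITE_FCS
                and r["src"] not in ENGINEERING_HOSTS):
            alerts.append(_alert("unauthorized-modbus-write", "manipulation", "critical", r))
    for src, ports in ports_by_src.items():
        if len(ports) >= SWEEP_THRESHOLD:
            alerts.append({"rule": "port-sweep", "stage": "reconnaissance", "severity": "medium",
                           "ts": None, "src": src, "dst": f"{len(ports)} distinct ports"})
    return alerts


def classify_incident(alerts: List[Dict]) -> str:
    """Roll alerts up to a single incident class: the highest severity present."""
    if not alerts:
        return "none"
    return max(alerts, key=lambda a: SEVERITY_RANK[a["severity"]])["severity"]


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for a in found:
        print(f'{a["severity"]:8} {a["rule"]:28} {a["stage"]:16} {a["src"]} -> {a["dst"]}')
    print("incident class:", classify_incident(found))
```

Two design points matter for OT: every rule here is passive (it reads records a tap or SPAN port produced and never touches a controller), and the write-function rule keys on who is allowed to change process state rather than on signatures, so a legitimate-looking Modbus write from a host that is not an engineering workstation is flagged at the highest severity even though nothing about the packet itself is malformed.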
5.6.20 Respond - The knowledge, skills, and abilities needed to respond to and remediate an incident, as well as restore functionality to the system or infrastructure
• Response/business continuity planning - understand the risks associated with OT systems and be able to identify practical mitigation measures to manage these risks
• Analysis – investigate anomalies, perform forensics, classify the incident
• Communications – understand roles and order of operations; report incidents consistently within established criteria; share information in accordance with plans; coordinate with stakeholders
• Mitigation – contain and mitigate incidents
5.6.21 Recover – The knowledge, skills, and abilities needed to ensure timely restoration of systems or assets affected by cybersecurity events and adoption of lessons learned
• Recovery planning – execute the recovery plan
• Communications – manage public relations; repair reputation; communicate with stakeholders
• Improvements – incorporate lessons learned into plans and update response strategies
5.6.22 Standards
• ISO/IEC 27001 (international information security management standard)
• Department of Homeland Security (DHS) system and physical security regulations (US only)
• ISA/IEC 62443 Security for Industrial Automation and Control Systems
• NIST Cybersecurity Framework