Risk Assessment Standards for ICS Environments

The number of Internet connected Industrial Control System (ICS) environments is increasing over time, but their cyber security is still lacking. This lack of cyber security creates risks, and dealing with these risks is often treated as an IT task. However, using classical IT risk assessment methodologies can have adverse effects on ICS functionality and safety. This is why cyber security risks have to be assessed differently in ICS environments. This white paper on "Risk Assessment Standards for ICS Environments" is written by one of our experts Stash Kempinski and discusses a selection of risk assessment standards and compares them to highlight their key differences. The following standards are discussed due to their generality, or their applicability to ICS environments:

• ISO/IEC 31010:2009: Risk management
  
• IEC 62443-3-2:2020: Security for industrial automation and control systems
  
• NIST SP 800-30r1: Guide for Conducting Risk Assessments

Each standards has its own pros and cons in practice. While one single standard may turn out to be sufficient to accommodate to any cyber security needs of an organization, combining different standards creates a more robust risk assessment. It is also important to note that the applicability of each standard differs per organization. This white paper also provides a high-level overview on the differences in applicability & the decision factors, which makes it more clear what standard is the most suitable for you as an ICS manufacturer. Read the white paper to learn more.

More on ICS Security & Standards

Industrial Control Systems (ICS) form the backbone of everyday life, underpinning everything from critical infrastructure to building automation. At Secura, we offer a broad range of services to help you secure your ICS enviroments. Would you like to know more about security testing and/or certifying your ICS/SCADA product or process? Contact us today to discuss our services in more detail and find out which service fits your ICS product best.

Alongside our services, we also offer an Industrial Control Systems (ICS) Security Training, which is a course that is designed to provide attendees with insight into the ICS security landscape in order to equip them to assess and defend industrial systems.

Download our Risk Assessment Standards for ICS Enviroments white paper below.