By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering
As industrial control system (ICS) assets and operations increasingly become the targets of opportunity it is important that new strategies and ideas for focused and tailored security approaches are introduced to the community. ICS security manager as a service can enable the community to contract skilled resources for a new role dedicated solely to securing ICS within the resource-constrained operations staff for ICS asset owners and operations of some of the world’s most critical infrastructures operated, monitored and controlled by automation and control systems.
The ICS Security Manager as a Service is like CISO as a Service on the IT side of the house with respect to building a security program. However, unlike the CISO as a Service, the ICS Security Manager as a Service is intended to be a more technical, hands-on role as well.
Examples of duties and tasks the ICS Security Manager would perform as a service are: leading, coordinating and implementing day to day security tasks such as building ICS system security plans, inventory lists and testing products and services for ICS operators’ operations and assets.
Such a service would most benefit ICS owners and operators who cannot afford a full-time resource within their staff. Some example asset owners and operators would be electric cooperatives, municipalities, and small businesses that own and operate pipelines, water and wastewater plants and hydro dams.
This series of blog posts will explore the ideas behind the ICS Security Manager as a Service concept including what it is, why it’s needed, and who can benefit.