ICS/OT Policies and Procedures – Evaluating Effective Incident Response in Times of Lockdown

There is no question, this new age surrounding COVID-19 has definitely forced all organizations to rethink, reassess, reaffirm, or redesign many policies and procedures. ICS organizations are no exception. However, perhaps one of the critical functions that has not been given its due attention is incident response. Likewise, incident response is often not given its due attention under the best of times. But as the “post” COVID-19 environment seems to be ushering in a new normal for most, it is prudent to consider how an ICS/OT incident will be handled when physical access may be limited by multiple factors. ICS cybersecurity firm Dragos considers alternative ways to safely execute incident response during times of lockdown, including the need to consider if and how to do so remotely. Dragos poses points to ponder, including some pros and cons of remote forensic data acquisition, remote analysis, and regulatory limitations on doing so. As discussed in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, #11 – Plan for Incidents, Emergencies, and Disasters, an incident response plan is a critical part of every cyber strategy and it is imperative for cyber incident response plans to be reviewed and refreshed accordingly. Read the post at Dragos