This guide, produced by the Centre for the Protection of National Infrastructure and the U.S. Department of Homeland Security's National Cyber Security Division - Control Systems Security Program, aims to assists asset owners to maximise the return on their investment when commissioning assessments of their industrial control systems (ICS).
The guide provides an overview of the assessment process so users understand how to execute a ICS cyber security assessment. This guide also covers the process of planning an ICS cyber security assessment, including how to select testing areas. The test plan specifies the correct amount of detail to meet the needs of the asset owner while retaining the flexibility to use all the skills of the assessment team. The details of the actual testing process in this guide familiarise the asset owner with the steps and reasons behind the testing process. The reporting process for an ICS cyber security assessment is also covered in this guide.
In addition to explaining actual security testing, the pros and cons of a number of alternate vulnerability testing methods for ICSs are also considered so tests can be tailored to the specifics of the ICS and needs of the organisation.