2015: ICS "Sliding Scale of Cyber Security" Poster
The Fall 2015 poster champions the idea that Defense is Doable! In the face of numerous ICS focused threats this past year the community has grown significantly. But security requires nuance. The poster details the SANS ICS Curriculum and what categories of actions contribute to security. Along this sliding scale it is visually and easily apparent that security must be designed in and that the basics of network hygiene and architecture are vital. Good passive defense mechanisms such as smartly deployed and tailored tools build upon a good architecture to make a highly defensible ICS. In these conditions the ICS is much more defensible than traditional IT networks and ripe for active defense measures to identify, respond to, and learn from advanced adversaries. The SANS ICS poster offers models for each category along the scale as recommended best practices to ensure that our most valuable assets and infrastructure are secured by our most valuable resource - the defenders.
August 2015: The Sliding Scale of Cyber Security SANS Institute
- October 2015: Job Role to Competency Level Recommendation
An international consortium of ICS security professionals from oil & gas, electric power, manufacturing, and control system companies have developed an initial consensus on the key roles in ICS security, and the levels of knowledge/mastery required within those identified roles. This work should be important in helping senior management understand the value of various roles and skills throughout their critical ICS environments.
Initially developed through a series of meetings with an amazing group of ICS security professionals, where discussions focused on a number of workforce and governance related challenges facing their organizations. The SANS ICS team collected the feedback received from these initial meetings, and consolidated it into work products for industry review. These work products were further validated by working with an expanded group of industry representatives to discuss and review the consensus project and further refine the initial effort. The set of Draft work products were released to interested ICS stakeholders for review and comment. The feedback received was collected and consolidated into an easy-to-consume printable sheet for use in workforce planning meetings, training development, succession planning, career development, and team capability and maturity assessment efforts throughout the ICS community.
The SANS ICS Team would like to extend our appreciation to all involved in the consensus project for your contributions. Special thanks to; Sundance 2014 group, Sundance at Summit 2015 Group, Salim Scafuto, Muhammad Mohsin, Justin Opatrny, and the many others who were involved you know who you are!