Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 9 December, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

New report from CREST highlights the need to improve cyber security in Industrial Control Systems

by The Gurus
June 29, 2017
in Editor's News
Share on FacebookShare on Twitter

There is a pressing need to improve cyber security in Industrial Control System (ICS) environments to avoid future breaches that could impact critical national infrastructure concludes CREST, the not-for-profit accreditation body representing the technical information security industry, in its latest position paper, ‘Industrial Control Systems: Technical Security Assurance’.  The report highlights a number of challenges and suggests that more technical security testing has a significant role to play in ensuring higher levels of security assurance are met.
 
The report draws on the diverse views of the Industrial Control Systems and technical security communities and proposes a model for gaining greater assurance in ICS environments. It was based on the findings of a research project – which looked to set out the main challenges and possible solutions for protecting Industrial Control Systems, many of which are based on legacy technologies.
 
One of the key findings in the report is the absence of periodic standards-based technical security testing that is commonplace in many other industries. Because of this, ICS environment owners and operators have no objective way of knowing whether cyber risk is being adequately managed and at present there is no definitive standard for testing ICS environments that is mandated by regulatory bodies. The fact that ICS environments are rapidly changing also leads to a higher degree of exposure.
 
“ICS environment owners require assurances that risk is being identified, assessed and evaluated. Above all else they need to know that there are appropriate measures in place to manage and mitigate risk,” explained Ian Glover, president of CREST. “Research on the project has helped to identify the high-level characteristics of a practical technical security testing approach and organisations should consider how this could add value and protection. It is clear that ICS environments are more sensitive than conventional IT environments and any penetration testing of systems needs to be planned and undertaken with a high degree of trust, skill and caution.”
 
“This position paper is supporting the work CREST is doing in many parts of the critical national infrastructure in the roll out of intelligence led penetration testing,” added Glover.
 
The UK National Cyber Security Centre (NCSC), commented. “We believe this paper provides a valuable contribution to the current thinking on this challenging topic and we look forward to working with CREST, as well as ICS operators and the cyber security industry in order to make the UK the safest place to live and do business online.”
 
The position paper is for organisations in both the private and public sector and is mainly targeted at IT managers, information security managers and technical security testing specialists. It will also be of interest to process engineers, safety specialists, business managers, procurement specialists and IT auditors.
 
CREST is now looking to expand on this initial ICS research to develop detailed guidance material that can be used by specialist to help secure ICS environments and in particular those that make up the Critical National Infrastructure. You can look at the full report here: http://www.crest-approved.org/wp-content/uploads/CREST-Industrial-Control-Systems-Technical-Security-Assurance-Position-Paper.pdf

FacebookTweetLinkedIn
Tags: ControlCyberindustrialsecurityTechnology
ShareTweet
Previous Post

Neuroscience and security: your thoughts are safe (for now)

Next Post

Community Led Threat Prevention

Recent News

New Synopsys Report Reveals Application Security Automation Soars

December 5, 2023
Over 80% of IT Leaders Want to Move Their On-Prem PAM Solution to the Cloud

Over 80% of IT Leaders Want to Move Their On-Prem PAM Solution to the Cloud

December 5, 2023
Centripetal real logo

Centripetal Announces Partnership With Tiger to Provide Cybersecurity Innovation to the UK Market

December 7, 2023
Google bins inactive accounts

Google bins inactive accounts

December 1, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information