Megan Samford, ISAGCA Advisory Board Chairperson, testified to the United States Congress Committee on Transportation and Infrastructure on November 4, 2021, sharing her thoughts about Incident Command System for Industrial Control Systems (ICS4ICS). Megan testified on behalf of the International Society of Automation Global Cybersecurity Alliance (ISAGCA).
In her testimony, Megan stated that the private sector lacks a consistent, repeatable, and scalable framework to respond to day-to-day cyber incidents, as well as multi sector cyber incidents where the impact spans partners, suppliers, customers, as well as local, state, and federal government. The goal of ICS4ICS is to identify how the private sector can adopt portions of the National Incident Management System (NIMS) Incident Command System (ICS) to ensure coordinated, uniform and more effective cyber-incident response. Implementing ICS4ICS at-scale will help the United States more effectively coordinate cyber incident response and recovery efforts within the private sector, especially for critical infrastructure.
Megan described how the United States Department of Homeland Security (DHS) Cyber and Infrastructure Security Agency (CISA), along with ISAGCA member companies and organizations, established the public-private partnership to deliver the ICS4ICS cyber-incident response framework. She went on to say that the success of the program thus far indicates that it provides value for both the private sector as well as government. This is evidenced by the number of daily, active volunteers contributed by both the private sector and government.
Megan closed her testimony by sharing that we at the ISAGCA are pleased with the scale at which the ICS4ICS program is growing within the alliance, and that we recognize that in order to make it adoptable at scale, we need the bi-partisan support of the Congress to develop a path for the program to be transitioned to operations within the United States government.