The first exercise of Incident Command System for Industrial Control Systems (ICS4ICS) capabilities was conducted at S4 on April 18, 2022. The exercise was attended by over 300 people who provided very positive feedback and suggestions to improve future exercises. The attendees said that the ICS4ICS process will be extremely valuable, particularly as the complexity of cybersecurity incidents continue to increase and cause greater impact to critical infrastructure. Megan Samford summarized the results of the ICS4ICS Exercise, which can be viewed here.
There are two videos from the ICS4ICS exercise:
- The first part of the ICS4ICS Exercise explains how the incident was declared and the steps taken by the ICS4ICS team to manage the incident.
- The second part of the ICS4ICS Exercise provides more details about how the incident evolves and how the ICS4ICS team responds to a ransomware request.
We appreciate your feedback and any suggestions to improve the ICS4ICS process and/or the ICS4ICS exercise. If you have any feedback, please send it to bpeterson@isa.org.
We Need Your Help
We are working to deploy and improve the ICS4ICS program and need your help in the following areas:
- Update the ICS4ICS Exercise materials used at S4 to ensure they can be used globally.
- We are seeking more volunteers to work with several groups to conduct ICS4ICS exercises in numerous countries and industry sectors.
- Create the next version of ICS4ICS that addresses more complex, Type 2 incidents impacting multiple assets/sites for a company. We will also add mutual aid processes, IT recovery for the ICS4ICS, and many other capabilities.
- Presenting ICS4ICS at various events to create awareness about the program.
- Obtaining credentials to perform various ICS4ICS roles.
- If you are interested in receiving more information about ICS4ICS, please sign-up for the newsletter by emailing Brian Peterson at bpeterson@isa.org.
If you would like to help with these efforts, please complete the form located here.
About ICS4ICS
The ISA Global Cybersecurity Alliance has joined forces with the Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity response teams from more than 50 participating companies to adopt FEMA's Incident Command System framework for response structure, roles, and interoperability. This is the system used by First Responders globally when responding to hurricanes, floods, earthquakes, industrial accidents, and other high impact situations.
The ICS4ICS approach guides companies, organizations, and municipalities in identifying an incident, assessing damage, addressing immediate challenges, communicating with the right agencies and stakeholders, and resuming day to day operations.
The adjudication process, managed by a formal committee within ICS4ICS, consists of an application process and panel of incident command system (ICS) subject matter experts who evaluate the candidate’s submittal. Interested companies and organizations can engage with ICS4ICS to learn how they can participate in this multilateral preparedness scheme for responding to cyber incidents. There are no membership requirements to participate, and we are seeking broad engagement from both the private and public sectors.