What is the Role of Incident Response in ICS Security Compliance?
Incident response and its data-driven nature can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
Regulatory compliance in industrial environments creates unique challenges that can’t be found in traditional IT settings. A major source of this complexity originates from the pre-Internet, largely proprietary nature of industrial control system (ICS) networks, specifically their lack of open computing standards, which are taken for granted in IT networks. These closed ICS networks are very hard to upgrade and even harder to maintain in compliance with state, federal, and industry regulations.
Moreover, most ICS networks lack built-in security components, such as automated asset management, proactive security monitoring, and real-time threat analysis and prevention. In addition to this, most applicable regulations and guidelines apply to verticals such as healthcare and energy and cover ICS only either indirectly or at a very high level.
Read the entire article here.