Managing incident response in the industrial internet of things

Abstract

Industrial control systems (ICS) are an essential element of critical national infrastructure, often managing processes and utilities that are essential to a nation's wellbeing and prosperity. These systems are increasingly the target of cyber attacks, and thus are required to adopt a stronger cyber defence posture. The integration of industrial internet of things (IIoT) devices with existing, proprietary operational technology (OT) poses new challenges to incident responders operating in these heterogeneous environments. This paper explores the characteristics of ICS and considers them within an established incident response framework. We conclude that existing incident response processes are applicable to ICS. We recommend that these models be developed and tested within synthetic environments to quantify antagonistic impacts, drive architectural improvements and increase incident response investment.