Incident response in an industrial control system (ICS) environment poses unique challenges. Detection, forensics and eradication need different processes, and often different tools, than those used in regular off-the-shelf systems. Additionally, these control systems are often used in various parts of critical infrastructure, and attacks on these systems can cause physical damage. They are often tightly integrated or even run by the system vendor, increasing process complexity and the need for common processes and exercises.
Creating processes and best practices for incident response, and for the prioritization of tasks, in these environments is vital. In this SIG we bring together expertise from several sectors, from research environments and from vendor PSIRTs to create processes, best practices and incident response support recommendations, and to package useful open source tools for ICS environments.
We have the following goals: