The Agile Incident Response for Industrial Control Systems (AIR4ICS) framework
Volume
109
Pagination
102398 - ?
DOI
10.1016/j.cose.2021.102398
Journal
Computers & Security
ISSN
0167-4048
Abstract
Cyber incident response within Industrial Control Systems (ICS) is characterised by high levels of uncertainty and unpredictability, and to be effective it requires a multi-disciplined team that encompasses personnel from business operations, Operational Technology (OT), IT, security operations and media engagement. Such teams require a dynamic decision framework that allows ICS operators to maintain services while full operating capability is recovered. There is empirical evidence that static incident response playbooks do not provide enough flexibility to support situations outside the scope of their initial definition, and that they have been ignored when cyber incidents have occurred. A thematic analysis of semi-structured interviews with ICS incident response professionals identified three main areas of concern: communication, information sharing between knowledge areas, and achieving external buy-in.