This poster serves as a crucial resource for Chief Security Officers (CSOs), Chief Information Security Officers (CISOs), VPs of Engineering, and others responsible for ICS cybersecurity and safety. It emphasizes leaders' roles in bridging departmental gaps, managing unique engineering security challenges, and prioritizing safety alongside cybersecurity. This resource highlights the importance of fostering a strong safety culture, integrating ICS-specific security awareness programs, and addressing human risks, which contribute to 80% of breaches. It outlines the distinct differences between IT and ICS, stressing that ICS security should prioritize safety and real-time control system operations. The poster also advocates for dedicated ICS-specific training modules to enhance cybersecurity programs, evolve organizational culture, and ensure the safety and reliability of industrial operations. CSOs are encouraged to develop specialized ICS security awareness initiatives, leverage the ADKAR cultural change management model for continuous improvement, and maintain vigilant, role-specific security practices to safeguard critical infrastructure effectively.
For additional guidance on how CSOs can align their security programs and safety culture with an industrial focus and prioritization, download the SANS Strategy Guide: ICS Is the Business.