Critical touchpoints for cybersecurity professionals
Stay ahead of the evolving threat landscape .
Read MoreWelcome to the new 114 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.
Keep up with our weekly newsletters on LinkedIn, Subscribe here.
Incident Command System for Industrial Control Systems (ICS4ICS).
It’s a command system designed to improve the global capabilities of Industrial Control System cybersecurity.
It leverages the Incident Command System (ICS) outlined by FEMA, which is used by first responders around the world when they respond to high-impact events – from road traffic accidents and industrial accidents to fires, hurricanes, earthquakes, and more.
The ICS has been used and tested for over 30 years in emergency response situations, by governments and private sector organisations.
And ICS4ICS takes this system into cybersecurity. In July 2021, ICS4ICS announced that four people had obtained their Incident Commander credentials through the very first cybersecurity first responder program.
One of those four people was Megan Samford, who had a background in critical infrastructure protection and emergency management. She worked for the US Governor’s Office of Virginia, before a hiring manager on the Product Security Incident Response team at General Electric encouraged her to apply for a cybersecurity role.
Samford is coming to speak at Black Hat MEA 2023 – and we interviewed her this week.
“Going back to when I worked in government and gained experience in emergency management, I also gained experience in a system used across all federal state and local governments, and really most first responders in the world: incident command system.
“Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve global Industrial Control System cybersecurity incident management capabilities leveraging the Incident Command System for response structure, roles, and interoperability.”
Here’s what Samford told us:
Do you think cybersecurity professionals are disaster responders?
1. Yes, absolutely vote
2. No…not really vote
Something that’s really interesting about ICS4ICS is that it’s not a static theoretical framework, delivered from the people at the top of an organisation to the people at the bottom.
Instead, it’s a system that has been developed from years of real work, and real emergency response – and it relies on the experience and input of real emergency responders and cybersecurity professionals.
As Samford said,
“I have a great group of peers in the industry that support me and I try to support them. To have friends, you have to be a good friend, and I think the ICS Cybersecurity community is very much like that; if you put in and give to this community, it will give back to you.”
ICS4ICS recognises that cybersecurity is, at its core, a field of disaster response. And that means that the established and functional practices for responding to disaster in other, non-cyber settings can be hugely valuable to cyber attack responders.
Read our full interview with Megan Samford: Is cybersecurity a disaster science?
Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 4 October 2023.
Catch you next week,
Steve Durning
Exhibition Director
P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023. Want to be a part of the action?
Join the newsletter to receive the latest updates in your inbox.
Stay ahead of the evolving threat landscape .
Read More3 organisations working to strengthen cybersecurity governance.
Read More