If one were to take a poll on how many industrial operators have a Cyber Incident Response Plan (CIRP), there would be an alarming number of organizations that fail to even realize the need. When I ask my customers about Industrial Control Systems Cyber Incident Response Planning, the opinions are clearly polarized. Most of my clients usually mumble through a loose interpretation of what sometimes sounds like their Emergency Response Plan that was created for the purpose of safety. The other answer that I get is that it’s something that they need to look at in the undetermined future. This scares me, because what it says to me is “We’re gonna wait till we have an incident and then we will react to that by creating a plan for next time!” Creating an effective cyber incident response plan may seem like a daunting task and, like most insurance, it’s often forgotten till it’s too late.
This may be my tallest soapbox, but I am truly concerned that possibly 90% of critical infrastructure outside of power generation is not ready to respond to a cyber incident. In an effort to provide direction to the answer rather than join the normal group of armchair quarterbacks, I have researched some of the more successful incident responses and think one should begin with a focus on the Command structure.