On July 7, 2020, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the federal civilian agency responsible for advising critical infrastructure (CI) partners on how to manage industrial control systems (ICS) risk, revealed a five-year plan titled Securing Industrial Control Systems: A Unified Initiative FY 2019–2023 to address the challenges posed by protecting critical infrastructure networks from hackers.[1] ICS is a term used to describe different types of control systems which include the devices, systems, networks, and controls used to operate or automate industrial processes. ICS underpin everything from power grids to oil and gas pipelines. According to CISA, cyberattacks on ICS can "result in significant physical consequences, including loss of life, property damage, and disruption of the essential services and critical functions upon which society relies.” CISA’s plan lays out a four-part initiative to secure ICS against cyber threats. The four parts are: (1) deepen existing partnerships while expanding the scope of activities with the broader ICS community; (2) develop and use technology to mature ICS cyber defense; (3) build “deep data” capabilities to analyze and deliver information the can be used to disrupt cyberattacks; and (4) enable informed and proactive security investments by understanding and anticipating ICS risk.
[1] https://www.cisa.gov/publication/securing-industrial-control-systems