ISAGCA and ICS4ICS Announce Cybersecurity First Responder Credentialing Program

July 16, 2021

The ISA Global Cybersecurity Alliance (ISAGCA) and the Incident Command System for Industrial Control Systems (ICS4ICS) recently announced the release of a cybersecurity first responder credentialing program.

The ISA Global Cybersecurity Alliance has joined forces with the Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity response teams from more than 50 participating companies to adopt FEMA’s Incident Command System framework for response structure, roles, and interoperability. This is the system used by First Responders globally when responding to hurricanes, floods, earthquakes, industrial accidents, and other high impact situations.

Incident Command Systems have been tested over more than 30 years of emergency and non-emergency applications, throughout all levels of government and within the private sector.

The ICS4ICS approach guides companies, organizations, and municipalities in identifying an incident, assessing damage, addressing immediate challenges, communicating with the right agencies and stakeholders, and resuming day to day operations. The framework applies traditional Incident Command Systems best practices to cybersecurity incidents, ensuring common terminology and enabling diverse incident management and support entities to work together. ICS4ICS provides clearly defined command structures, including standard roles needed in a response, and the framework can scale to support small or extremely large-scale incidents that impact many organizations.

“For many years, we’ve needed ICS4ICS, to enable collectively organized cyber and physical responses in a unified way. Credentialing cybersecurity first responders is an important milestone in this valuable public-private partnership,” said ISAGCA Advisory Board chairperson and ICS4ICS leader Megan Samford, VP and Chief Product Security Officer of Schneider Electric’s energy management business. “We’ve developed an adjudication process and certified our first four responders. I’m proud to be one of them and stand ready to help companies recover from cyber incidents.”

The adjudication process, managed by a formal committee within ICS4ICS, consists of an application process and panel of incident command system (ICS) subject matter experts who evaluate the candidate’s submittal. The inaugural round of credentialing recognizes these cybersecurity experts:

  •    –   Mark Bristow, Branch Chief of Cyber Defense Coordination at CISA, whose 15-year career with US government cybersecurity agencies includes responses to incidents ranging from Ukraine cyberattacks to attempts by Russian government hackers to intrude on energy equities
  •    –   Neal Gay, Senior Manager of Managed Defense/Industrial Control Systems at FireEye
  •    –   Megan Samford, ISAGCA Chairperson; VP and Chief Product Security Officer of Schneider Electric’s energy management business
  •    –   Brian Wisniewski, US Army Reserve

Interested companies and organizations can engage with ICS4ICS to learn how they can participate in this multilateral preparedness scheme for responding to cyber incidents. There are no membership requirements to participate, and we are seeking broad engagement from both the private and public sectors. The proven approach is vetted by industry companies and subject matter experts and the program has significant value for small to medium sized entities that do not have the time, finances, or personnel to assign a full-time cyber response unit, but still need to develop plans and train employees accordingly.

ISAGCA recently released a blog article on ICS4ICS entitled, “Addressing the Downstream Effect of a Cyber Attack,” as well as the webinar, “ICS4ICS Stands Up ICS Incident Response System 2021,” featuring Neal Gay.


Related Articles

Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More

Latest Articles

  • What Are Control Circuit Devices? Noark Electric Explains

    September 29, 2023 A Control Circuit Device regulates and manages the operation of an electrical circuit by turning on or off the circuit. The control device regulates or limits the condition within the circuit by controlling the voltage and current.  Examples of control circuit devices used are switches, solenoids, and relays. Noark is a reliable manufacturer of… Read More…

  • 2023 Innovations from Festo at CMTS: CMMT-MP and CPX-AP-A

    2023 Innovations from Festo at CMTS: CMMT-MP and CPX-AP-A

    September 22, 2023 By Krystie Johnston Festo is a leading supplier of pneumatic and electrical automation technology. The company tirelessly innovates products and solutions to improve operations for factories and process automation. Festo’s 2023 innovations include their CPX-AP-A remote I/O, CMMT MP servo drive, and their portfolio of productivity tools. Festo’s New CPX-AP-A: One Integration… Read More…