The Security Testing Expert Group (STEG) takes the role of producing documentation that outlines best practices and approaches towards security testing within Operational Technology (OT) environments. The documentation is the combined input of multiple experts within the industry, with the intention of acting as guidance for the NCSC and ICS community of Interest (COI).
The STEG focuses upon the testing of Industrial Control Systems (ICS) such as SCADA, DCS, PLC and HMIs, with considerations of the full Purdue stack put in place. This includes taking into consideration the risk limitations and practicality of being able to perform tests within sensitive environments, where representative live environments may be the preferred method.
How to Join the STEG:
If you would like to join an Expert Group, there is a 2 Stage process:
Stage 1 – You must be an existing member of the ICS COI community to join an Expert Group.
If you are not already a member of ICS COI, then please complete this Application Form.
The application process requires you to provide a short bio outlining your ICS and OT related experience. It will take up to 4 weeks for the necessary membership approval from the ICS COI Steering Group.
Stage 2 – When you have been accepted as a member of the ICS COI you will be able to apply to join the STEG using the following form:
- Security Testing Expert Group (STEG) – STEG Application Form
It will take up to 4 weeks for your Expert Group application to be assessed and approved by the ICS COI Steering Group.
You will find further information about the ICS COI here.