ICS Community of Interest

Vulnerability Management Expert Group

The role of the Vulnerability and Monitoring Expert Group (VMEG) is to provide expert input and guidance to the NCSC and the ICS Community of Interest with regard to the management of vulnerabilities within Operational Technology (OT). This includes, for example, Industrial Control Systems (ICS) such as SCADA, DCS, PLC and HMIs, in addition to traditional IT assets operating within the lower levels of the Purdue stack.

The VMEG is focused upon producing guidance and relevant good practices, around effective management of vulnerabilities within an operational environment requiring asset owners to identify, prioritise and mitigate risks, to reduce the likelihood of exploitation and ensuring the safety and reliability of essential services are maintained.

How to Join the VMEG:

If you would like to join an Expert Group, there is a 2 Stage process:

Stage 1 – You must be an existing member of the ICS COI community to join an Expert Group.

If you are not already a member of ICS COI, then please complete this Application Form.

The application process requires you to provide a short bio outlining your ICS and OT related experience.  It will take up to 4 weeks for the necessary membership approval from the ICS COI Steering Group.

Stage 2 – When you have been accepted as a member of the ICS COI you will be able to apply to join the VMEG using the following form:

It will take up to 4 weeks for your Expert Group application to be assessed and approved by the ICS COI Steering Group.

You will find further information about the ICS COI here.