ICS-COI

The Industrial Control System Community of Interest (ICS COI) is a UK community where knowledge of cyber security (and related safety information) can be exchanged to benefit the wellbeing of the UK. And it is the Community aspect that is the key in this new initiative.

The community recognises the benefit in creating a network that’s open to all organisations that have a vested interest in the improvement of ICS security and safety. This includes UK-based ICS operators, asset owners, security researchers, vendors, regulators, integrators, the UK government and academia.

Joining the group provides the following benefits:

The opportunity to share knowledge, expertise, and experience within a trusted ICS security community.

Building and maintaining ICS security and safety-related expertise within the UK.

Identifying new and emerging ICS security requirements.

The opportunity to work on complex cross sector ICS issues generated by the ICS COI Steering Group.

The ICS COI is managed by the Steering Group who agree membership, set direction, and foster wider collaboration on behalf of the COI with existing ICS-related groups. To ensure an even representation of those within the wider ICS COI, members of the Steering Group are drawn from NCSC, industry asset owners, ICS vendors and security researchers, local government departments and academia.

Current work within the COI includes The Workbook, a ‘living document’ that identifies common cyber security issues across the ICS community. We are currently progressing 12 workstreams within The Workbook, which cover key issues including, insider threat, supply chain, GPS, and crypt/secure communication.

Although the ICS COI has over 400 members with good representation from most sectors, we are always on the lookout for new members from across all sectors.

You need to be a member of the ICS COI to be able to contribute to the latest security and safety-related discussions, or to participate in Expert Groups.

To apply to become a member please click here

Steering Group Members

The ICS COI is managed by a Steering Group who agree membership, set direction, and foster wider collaboration on behalf of the COI with existing ICS-related groups.

The Steering Group also includes several NCSC Staff who fulfil multiple roles, including Government Chair.

Industry Members

Marie Caruso, Arcanum Cyber & NCSC i100 (SG Chair)
Colin Topping, Ginger Cat Cyber Security NCSC i100 (Industry Chair)
Paul Hingley, Siemens (Industry Deputy Chair)
Jonathan Evans, NCSC i100 (Secretariat)
Tony Burton, Thales
Jennifer Glaister, Drax
Ian Henderson, BP
Josie Houghton, Rolls-Royce
Paul Lee, National Gas
Philip Litherland, National Grid
Victor Lough, Schneider Electric
Matthew Morgan, Jacobs Engineering
Matt Shreeve, Nuclear Decommissioning Authority
John Speakman, Rockwell Automation

Academic Members

Chris Hankin, Imperial College London (Academic Deputy Chair)

Awais Rashid, Bristol University

Pete Burnap, Cardiff University

Government Members

Chris Johnson, Dept for Science, Innovation and Technology

Current ICS COI Members

Membership is drawn from NCSC, industry asset owners, ICS vendors and security researchers, local government departments and academia. These operate across a wide variety of sectors as shown in the below breakdown.

Total number of members: 400

ICS COI Events

Members of the ICS COI gain access to Lunch and Learn webinars (lasting 1.5 hours) and Quarterly themed events (lasting 3 hours).

Recent events have been on the subjects of Threat posed by OSINT, Secure backup and Recovery in OT, Zero Trust in OT and OT Cyber Security Strategy.

The following Lunch and Learn sessions are planned (usually scheduled 13:00 – 14:30):

9th October 2024 – Pen Testing vs Vulnerability Research

13th November 2024 – Research in CNI

27th November 2024 – Role of the Lead Government Department (LGD)

11th December 2024 – Regulatory Funding Cycles

15th January 2025 – ICS/OT Threat Briefs

12th February 2025 – Secure by Design in OT

The following Quarterly events are planned (usually scheduled from 10:00 – 13:00):

Autumn Quarterly – 6th November 2024

To attend these events, you must be a member of the ICS COI. To apply to become a member please click here.

Expert Groups

There are a number of Expert Groups focused on elements of OT cyber security that have been deemed a high priority for the community.

Members of the ICS COI form Expert Groups who come together to provide expert input, using experience, knowledge and skills. Members join as individuals (rather than corporates), bringing their own personal cyber security expertise. There are a number of active Expert Groups including:

Supply Chain (SCEG)

Monitoring & Logging (MLEG)

Boundary (BEG)

Security Testing (STEG)

Vulnerability Management (VMEG)

Identity & Access Management (IDAMEG)

How to Join an Expert Group:

If you would like to join an Expert Group, there is a 2 Stage process:

Stage 1 – You must be an existing member of the ICS COI community to join an Expert Group.

If you are not already a member of ICS COI, then please complete this Application Form.

The application process requires you to provide a short bio outlining your ICS and OT related experience. It will take up to 4 weeks for the necessary membership approval from the ICS COI Steering Group.

Stage 2 – When you have been accepted as a member of the ICS COI you will be able to apply to join an Expert Group using the following forms:

Supply Chain Expert Group (SCEG) – SCEG Application Form
Monitoring & Logging Expert Group (MLEG) – MLEG Application Form
Boundary Expert Group (BEG) – BEG Application Form
Security Testing Expert Group (STEG) – STEG Application Form
Vulnerability Management Expert Group (VMEG) – VMEG Application Form
Identity and Access Management Expert Group (IDAMEG) – IDAM Application Form

It will take up to 4 weeks for your Expert Group application to be assessed and approved by the ICS COI Steering Group.

Downloads & Guidance

The following ICS/OT guidance has been developed by the ICS COI members in co-ordination with NCSC.

Supply Chain guidance:

Guidance: Supply Chain Standards and Guidance Infographic

Guidance: Trusted Services Criteria Introduction Page – validating OT security through a trusted third party

Guidance: The use of SOC2 Trusted Services Criteria Mapping to CAF

Guidance: Developing Supply Chain Incident Response and Management within your organisation

Monitoring and Logging guidance:

Guidance: ICS/OT Logging and Monitoring

Guidance: Why you need to undertake Cyber Security Logging and Monitoring in an ICS/OT Environment

Guidance: What to Log and Monitor in ICS/OT Environments from a Cyber Security Perspective

Guidance: What to Log and Monitor in an ICS/OT Environment – Collection Management Framework Approach

Guidance: What to Log and Monitor in an ICS/OT Environment – Consequence Driven Engineered Approach

Guidance: How to Log and Monitor in ICS/OT Technology Environments

Guidance: How to Log and Monitor in ICS/OT Technology Environments – Admin Corp Example

Asset Management guidance:

Guidance: Visibility for ICS/OT Technology Environment Asset Management

Guidance: Asset Management within ICS/OT Technology Environments

Guidance: A Manual Approach to Asset Management in ICS/OT Environments

Securing the ICS/OT boundary guidance:

Guidance: The Management of Removable Media within ICS/OT Environments

Guidance: The Management of ICS and OT Field Devices

Incident Response guidance:

Guidance: Considerations for Cyber Incident Response Planning within ICS/OT

Guidance: Incident Response Planning for ICS/OT – Meet Admin Corp

ICS/OT General guidance:

Guidance: Resolving Anti-Patterns in ICS/OT Environments

Other downloads:

NCSC Cyber Assessment Framework (CAF) 3.2

The NCSC website also provides additional advice, guidance and other content aimed specifically at those with an interest in UK Critical National Infrastructure.

Want to become a Member of the ICS COI?

Although the ICS COI has over 400 members with good representation, we are always on the lookout for new members from all sectors.

As a member of the ICS COI you will have access to, and participation in, sharing knowledge, expertise and experience within a trusted ICS Security community.

There are also opportunities to work on some large, cross sector ICS issues identified by existing groups or generated by the ICS COI Steering Group; contributing to building and maintaining ICS Security (and safety related) expertise within the UK.

To apply to become a member please click here.

To contact the ICS COI team please email icscoi@ncsc.gov.uk