ICS-COI

The Industrial Control System Community of Interest (ICS COI) is a UK community where knowledge of cyber security (and related safety information) can be exchanged to benefit the wellbeing of the UK. And it is the Community aspect that is the key in this new initiative.

The community recognises the benefit in creating a network that’s open to all organisations that have a vested interest in the improvement of ICS security and safety. This includes UK-based ICS operators, asset owners, security researchers, vendors, regulators, integrators, the UK government and academia.

Joining the group provides the following benefits:

The opportunity to share knowledge, expertise, and experience within a trusted ICS security community.

Building and maintaining ICS security and safety-related expertise within the UK.

Identifying new and emerging ICS security requirements.

The opportunity to work on complex cross sector ICS issues generated by the ICS COI Steering Group.

The ICS COI is managed by the Steering Group who agree membership, set direction, and foster wider collaboration on behalf of the COI with existing ICS-related groups. To ensure an even representation of those within the wider ICS COI, members of the Steering Group are drawn from NCSC, industry asset owners, ICS vendors and security researchers, local government departments and academia.

Current work within the COI includes The Workbook, a ‘living document’ that identifies common cyber security issues across the ICS community. We are currently progressing 12 workstreams within The Workbook, which cover key issues including, insider threat, supply chain, GPS, and crypt/secure communication.

Although the ICS COI has over 400 members with good representation from most sectors, we are always on the lookout for new members from across all sectors.

You need to be a member of the ICS COI to be able to contribute to the latest security and safety-related discussions, or to participate in Expert Groups.

To apply to become a member please click here

Steering Group Members

The ICS COI is managed by a Steering Group who agree membership, set direction, and foster wider collaboration on behalf of the COI with existing ICS-related groups.

The Steering Group also includes several NCSC Staff who fulfil multiple roles, including Government Chair.

Industry Members

Marie Caruso, Arcanum Cyber & NCSC i100 (SG Secretariat)
Colin Topping, Rolls Royce & NCSC i100 (Industry Chair)
Paul Hingley, Siemens (Industry Deputy Chair)
Tony Burton, Thales
Ian Henderson, BP
Kevin Jones, Bayer
Paul Lee, National Gas
Philip Litherland, National Grid
Victor Lough, Schneider Electric
Matthew Morgan, Jacobs Engineering
Matt Shreeve, Nuclear Decommissioning Authority
John Speakman, Rockwell Automation

Academic Members

Chris Johnson, Queen’s University Belfast (SG Chair)

Chris Hankin, Imperial College London (Academic Deputy Chair)

Awais Rashid, Bristol University

Current ICS COI Members

Membership is drawn from NCSC, industry asset owners, ICS vendors and security researchers, local government departments and academia. These operate across a wide variety of sectors as shown in the below breakdown.

Total number of members: 400

ICS COI Events

Members of the ICS COI gain access to Lunch and Learn webinars (lasting 1.5 hours) and Quarterly themed events (lasting 3 hours).

Recent events have been on the subjects of Threat posed by OSINT, Secure backup and Recovery in OT, Zero Trust in OT and OT Cyber Security Strategy.

The following Lunch and Learn sessions are planned (usually scheduled 13:00 – 14:30):

6th March 2024 – ICS/OT CAF/NIS Auditing

20th March 2024 – Fine Tuning IDS in ICS/OT Threat Actors

24th April 2024 – PAM Within OT Networks

8th May 2024 – PAW Within OT Networks

22nd May 2024 – Deep Dive on ICS/OT Threat Actors

5th June 2024 – Research in CNI

19th June 2024 – XDR in ICS/OT

3rd July 2024 – Pentesting vs Vulnerability Research

17th July 2024 – Cyber Ranges for ICS/OT

The following Quarterly events are planned (usually scheduled from 10:00 – 13:00):

17th April 2024 – Spring Quarterly

24th July 2024 – Summer Quarterly

To attend these events, you must be a member of the ICS COI. To apply to become a member please click here.

Expert Groups

There are a number of Expert Groups focused on elements of OT cyber security that have been deemed a high priority for the community.

Members of the ICS COI form Expert Groups who come together to provide expert input, using experience, knowledge and skills. Members join as individuals (rather than corporates), bringing their own personal cyber security expertise. There are a number of active Expert Groups including:

Supply Chain (SCEG)

Monitoring & Logging (MLEG)

Boundary (BEG)

Security Testing (STEG)

Vulnerability Management (VMEG)

Identity & Access Management (IDAMEG)

How to Join an Expert Group:

If you would like to join an Expert Group, there is a 2 Stage process:

Stage 1 – You must be an existing member of the ICS COI community to join an Expert Group.

If you are not already a member of ICS COI, then please complete this Application Form.

The application process requires you to provide a short bio outlining your ICS and OT related experience. It will take up to 4 weeks for the necessary membership approval from the ICS COI Steering Group.

Stage 2 – When you have been accepted as a member of the ICS COI you will be able to apply to join an Expert Group using the following forms:

Supply Chain Expert Group (SCEG) – SCEG Application Form
Monitoring & Logging Expert Group (MLEG) – MLEG Application Form
Boundary Expert Group (BEG) – BEG Application Form
Security Testing Expert Group (STEG) – STEG Application Form
Vulnerability Management Expert Group (VMEG) – VMEG Application Form
Identity and Access Management Expert Group (IDAMEG) – IDAM Application Form

It will take up to 4 weeks for your Expert Group application to be assessed and approved by the ICS COI Steering Group.

Downloads & Guidance

The following guidance has been developed by the ICS COI members in co-ordination with NCSC.

ICS/OT Monitoring and Logging guidance:

Guidance: ICS/OT Logging and Monitoring

Guidance: Why you need to undertake Cyber Security Logging and Monitoring in an ICS/OT Environment

ICS/OT Asset Management guidance:

Guidance: Visibility for ICS/OT Technology Environment Asset Management

Guidance: Asset Management within ICS/OT Technology Environments

Guidance: A Manual Approach to Asset Management in ICS/OT Environments

ICS/OT Securing the ICS/OT boundary guidance:

Guidance: The Management of Removable Media within ICS/OT Environments

Guidance: The Management of ICS and OT Field Devices

ICS/OT General guidance:

Guidance: Resolving Anti-Patterns in ICS/OT Environments

Other downloads:

NCSC Cyber Assessment Framework (CAF) 3.1

The NCSC website also provides additional advice, guidance and other content aimed specifically at those with an interest in UK Critical National Infrastructure.

Want to become a Member of the ICS COI?

Although the ICS COI has over 400 members with good representation, we are always on the lookout for new members from all sectors.

As a member of the ICS COI you will have access to, and participation in, sharing knowledge, expertise and experience within a trusted ICS Security community.

There are also opportunities to work on some large, cross sector ICS issues identified by existing groups or generated by the ICS COI Steering Group; contributing to building and maintaining ICS Security (and safety related) expertise within the UK.

To apply to become a member please click here.

To contact the ICS COI team please email icscoi@ncsc.gov.uk