6. Introduction to the IACS Cybersecurity Lifecycle

Question 1

List THREE Stages of the IACS Cybersecurity Life Cycle

Answer 1

Assess

Develop and Implement

Maintain

Question 2

Describe the Assess Phase

Answer 2

A zone is assigned a target security level (SL-T)

Question 3

Describe the Develop and Implement Phase

Answer 3

Countermeasures are implemented to meet the target security level (SL-T)

Question 4

Describe the Maintain Phase

Answer 4

Ensures the achieved security level (SL-A) is better or equal to the target security level (SL-T)

Countermeasures are audited/tested and upgraded if necessary to maintain (SL-A)

Question 5

What THREE activities take place during the assess phase?

Answer 5

Initial/High Level Risk Assessment

Allocation of IACS assets to security zones and conduits

Detailed cyber risk assessment

Question 6

What THREE activities take place during the Develop and Implement phase?

Answer 6

Requirements specification

Design and engineering of countermeasures

Installation comissioning and validation of countermeasures

Question 7

What TWO activities take place during the maintain phase?

Answer 7

Cybersecurity maintenance monitoring, and management of change

Cyber incident response and recovery

Question 8

Describe TWO continuous processes

Answer 8

Cybersecurity management sytstem: Policies, Procedures, Training & awareness

Periodic cybersecurity audits