Industrial Control Systems Joint Working Group (ICSJWG)

The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial control systems.

The ICSJWG provides a vehicle for communicating and partnering across all Critical Infrastructure (CI) Sectors between federal agencies and departments, as well as private asset owners/operators of industrial control systems. The goal of the ICSJWG is to continue and enhance the collaborative efforts of the industrial control systems stakeholder community in securing CI by accelerating the design, development, and deployment of secure industrial control systems.

CISA/ICSJWG developed a Fact Sheet for quick reference information about the ICSJWG: ICSJWG Fact Sheet.

ICSJWG Banner and Image

ICSJWG 2020 Meetings 

Next Meeting

The next meeting, scheduled for early 2020, will have the date and location announced as soon as possible.

New Events for the past Fall Meeting and Beyond

Three new events were introduced during the ICSJWG 2019 Fall Meeting: a technical boot camp, a technical Capture the Flag (CTF) challenge, and brainstorming sessions. These events offered an opportunity for greater interaction among asset owners, integrators, vendors, and government representatives over the course of the meeting.

Becoming an ICS Cyber Analyst was an all-day technical boot camp, taught on the first day of our meeting.  This formative session was dedicated to getting started in ICS cyber analysis. The information is specifically designed for IT cyber analysts who are looking to transition into OT environments as well as for OT engineers who are looking to get started in cyber security; however, analysts of all backgrounds and experience levels were welcome.

The Capture the Flag activity was available all-day Wednesday and Thursday morning. The CTF was designed to expose analysts to hunting across ICS networks for malicious behavior, with puzzles appropriate for both the beginner and the experienced analyst. Challenges included artifacts generated from IT/OT host forensic data, network data (from both bro logs and pcap), and OT equipment actively being exploited by a threat actor.

The Brainstorming Sessions were moderated discussions held each day, intended to provide an equal voice to input from all participants regarding challenges we all face. The first session on Tuesday was dedicated to identifying tools and capabilities that are needed for cyber defense of ICS networks. The second session on Wednesday was focused on more effectively collecting and acting on feedback from asset owner operators, integrators, and vendors supporting the nation’s critical infrastructure. Finally, on Thursday, the session was dedicated to exploring new threats facing America’s critical infrastructure.

Additional Information

There is no cost to attend any of these events.  However, travel, accommodations, meals, beverages, and other incidental expenses are the responsibility of the event participant and will NOT be covered by ICSJWG, CISA, or DHS.

For additional information, please contact us at


Previous Meeting Information

Please find agendas for previous meetings below.

Contact the respective author(s) directly for copies of presentations.  

Please contact us if you have questions.

ICSJWG Newsletters

If you would like to submit an article or whitepaper of general interest pertaining to control systems security, please send it to for consideration. Submitted articles will be reviewed and approved by ICSJWG prior to publishing. Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.

Article submissions for the December 2019 edition are currently being accepted for review until December 9, 2019.

Copies of the current Newsletter and the previous three Quarter's Newsletters may be requested from

ICSJWG Products and Materials

NCCIC/ICSJWG Fact Sheet: ICS Cybersecurity for the C-Level (Six Questions Every C-Level Executive Should Be Asking).
"Common Industrial Control System Vulnerability Disclosure Framework" developed by the Vendor subgroup (July 2012).

ICSJWG Webinar Series

Our Webinar Series is designed to inform the membership and general public about solutions to threats, vulnerabilities, and risks to critical infrastructure and control systems. The search for outstanding and value-added topics is ongoing. Please feel free to send an abstract or short description of any webinar idea to and the Program Office will add it to the topic queue for review and possible inclusion into the series.  Our intent is to have a webinar each quarter of the year.  Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.

Upcoming Webinars

Secure Operations Technology - November 13, 2019 from 1 p.m. to 2:15 p.m. EST

Most OT security programs seek to "protect the information" - the CIA, AIC, IAC, or something of the information. Thoroughly-secured industrial sites though, do not "protect the information." Instead, such sites protect physical industrial operations from information, more specifically from cyber attacks that may be embedded in information. All cyber attacks are information after all, and every bit of information can encode an attack.

Secure Operations Technology is a perspective, a methodology, and a set of best practices used by thoroughly-secured sites - in addition to classic IT-SEC techniques. Since all cyber attacks are information, a comprehensive inventory of offline and online information flows into the critical network is also a comprehensive inventory of all possible attack vectors targeting the network. SEC-OT sites then take measures to physically block or otherwise discipline the entire inventory of inbound information/attack flows.

Presenter Andrew Ginter of Waterfall Security Solutions

Andrew Ginter leads a team responsible for industrial cyber-security research, contributions to standards and regulations, and security architecture recommendations for industrial sites. He is a coauthor of the Industrial Internet Consortium Security Framework and the author of a number of volumes, most recently, Secure Operations Technology (SEC-OT).

To register for this webinar, please send an email with your name, company, and sector from a work-related email address to

Past Webinars

Past webinar presentations which have been released are found below and may be requested from the Program Office through If they are still available, they will be forwarded to you upon request.

  • July 17, 2019 – Persistent Threat-Based Security for ICS Systems
  • March 2019 – Five Ways to Ensure the Integrity of Your Operations
  • September 2018 - The Top 20 Cyberattacks on Industrial Control Systems
  • January 2018 – Life After Ukraine: Industrial Control System Cybersecurity Industry Trends and Strategies
  • October 2017 – Creating Predictable Fail Safe Conditions for Healthcare Facility - Related Control Systems and Medical Devices by Use of System Segmentation
  • July 2015 – Protecting M2M Systems at the Edge
  • October 2014 – The New Paradigm for Information Security: Assumption of Breach
  • June 2014 – Online Real Time Monitoring for Change Identification
  • March 2014 – I Think, Therefore I Fuzz!

Membership in the ICSJWG

By adding you to our membership rolls, you will receive all outgoing messages to the ICSJWG community, including newsletters, meeting notifications, training information, calls for comments, and other announcements.

Volunteer participation, by contributing ideas, sharing information, or working toward solutions for CI security, is encouraged. To get involved supporting a working activity which addresses critical infrastructure security, please let us know your ideas and the ICJSWG Steering Team (IST) and Program Management Office (PMO) will consider them. To get involved with the ICSJWG in general, please contact us at