Industrial Control Systems Joint Working Group (ICSJWG)

The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial control systems.

The ICSJWG provides a vehicle for communicating and partnering across all Critical Infrastructure (CI) Sectors between federal agencies and departments, as well as private asset owners/operators of industrial control systems. The goal of the ICSJWG is to continue and enhance the collaborative efforts of the industrial control systems stakeholder community in securing CI by accelerating the design, development, and deployment of secure industrial control systems.

CISA/ICSJWG developed a Fact Sheet for quick reference information about the ICSJWG: ICSJWG Fact Sheet.


ICSJWG Banner and Image

ICSJWG 2020 Spring Meeting Update

Due to recent travel restrictions and concerns surrounding COVID-19, the in-person ICSJWG 2020 Spring Meeting scheduled for April 14-15, 2020 is cancelled. We remind you that our next webinar is scheduled for June 10th, 2020.

On behalf of Cybersecurity and Infrastructure Security Agency (CISA), we apologize for any inconvenience. The agency has been monitoring the evolving COVID-19, also known as Coronavirus, situation closely, taking part in interagency and industry coordination calls, and working with critical infrastructure partners to prepare for possible disruptions to critical infrastructure that may stem from widespread illness, should the virus take hold in the U.S. You can find up-to-date information regarding these efforts at https://www.cisa.gov/coronavirus. Additionally, the agency issued a CISA Insights document titled, “Risk Management for Novel Coronavirus (COVID-19)” detailing steps to help executives think through physical, supply chain, and cybersecurity issues that may arise as a result of this ongoing public health concern, CISA.gov/insights.

We do hope to see you in September for the ICSJWG 2020 Fall Meeting.

Additional Information

There is no cost to attend any of these events.  However, travel, accommodations, meals, beverages, and other incidental expenses are the responsibility of the event participant and will NOT be covered by ICSJWG, CISA, or DHS.

For additional information, please contact us at ICSJWG.Communications@cisa.dhs.gov.

 


Previous Meeting Information

Please find agendas for previous meetings below.

Contact the respective author(s) directly for copies of presentations.  

Please contact us if you have questions.


ICSJWG Newsletters

If you would like to submit an article or whitepaper of general interest pertaining to control systems security, please send it to ICSJWG.Communications@cisa.dhs.gov for consideration. Submitted articles will be reviewed and approved by ICSJWG prior to publishing. Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.

Article submissions for the June 2020 edition are currently being accepted for review until June 12, 2020.

Copies of the current Newsletter and the previous three Quarter's Newsletters may be requested from ICSJWG.Communications@cisa.dhs.gov.


ICSJWG Products and Materials

NCCIC/ICSJWG Fact Sheet: ICS Cybersecurity for the C-Level (Six Questions Every C-Level Executive Should Be Asking).
 
"Common Industrial Control System Vulnerability Disclosure Framework" developed by the Vendor subgroup (July 2012).

ICSJWG Webinar Series

Our Webinar Series is designed to inform the membership and general public about solutions to threats, vulnerabilities, and risks to critical infrastructure and control systems. The search for outstanding and value-added topics is ongoing. Please feel free to send an abstract or short description of any webinar idea to ICSJWG.Communications@cisa.dhs.gov and the Program Office will add it to the topic queue for review and possible inclusion into the series.  Our intent is to have a webinar each quarter of the year.  Please note that marketing or sales presentations aimed at gaining the audience's interest in services, capabilities, or products cannot be approved.

Upcoming Webinars

Cybersecurity of Facility-Related Control Systems (FRCS) and the DoD CIO Risk Management Framework - June 10, 2020 from 1 p.m. to 2:15 p.m. EDT

This presentation will discuss using the NIST SP 800-82 Securing Industrial Control Systems Security Guide, the Cybersecuring FRCS Unified Facility Criteria (UFC) and Unified Facility Guide Specifications (UFGS), creating the Test and Development Environment (TDE), and Facility Security Operations Centers, new Contract Language, DoD ACI TTP’s.

The material covered will also discuss that all contractors/vendors doing business with the DoD must have a NIST SP 800-171 compliant Cyber Risk Management Plan (CRMP) for their business systems that have Controlled Unclassified Information (CUI) and will have initially self-attested. As of January, 2019 the Defense Contract Management Agency is responsible for ensuring contractor compliance.

Presenter

Dr. Michael Chipley, PMC Group

Dr. Chipley is a cybersecurity and engineering technical consultant working on Department of Defense projects and private sector clients supporting the federal government. He is a Contributor to the NIST SP 800-82 R2 Guide to Industrial Control Systems Security, the author of the Whole Building Design Guide Cybersecurity Resource page, creator of the DoD ESCTP Cybersecurity Resource page and has consulted on over 100 BCS cyber projects. He is currently providing Cybersecurity SME support to DoD, multiple ESPC and UESC contracts, and continues to develop policy, instructions, guidance, templates and checklists in support of cybersecuring Facility-Related Control Systems.

Registration for this event will open soon.

Past Webinars

Past webinar presentations which have been released are found below and may be requested from the Program Office through ICSJWG.Communications@cisa.dhs.gov. If they are still available, they will be forwarded to you upon request.

  • March 2020 – OT Needs 'Special Consideration' Which Means a Modified Approach to Security and True IT/OT Convergence to Achieve a Robust VM Program
  • November 2019 – Secure Operations Technology
  • July 2019 – Persistent Threat-Based Security for ICS Systems
  • March 2019 – Five Ways to Ensure the Integrity of Your Operations
  • September 2018 - The Top 20 Cyberattacks on Industrial Control Systems
  • January 2018 – Life After Ukraine: Industrial Control System Cybersecurity Industry Trends and Strategies
  • October 2017 – Creating Predictable Fail Safe Conditions for Healthcare Facility - Related Control Systems and Medical Devices by Use of System Segmentation
  • July 2015 – Protecting M2M Systems at the Edge
  • October 2014 – The New Paradigm for Information Security: Assumption of Breach
  • June 2014 – Online Real Time Monitoring for Change Identification
  • March 2014 – I Think, Therefore I Fuzz!

Membership in the ICSJWG

By adding you to our membership rolls, you will receive all outgoing messages to the ICSJWG community, including newsletters, meeting notifications, training information, calls for comments, and other announcements.

Volunteer participation, by contributing ideas, sharing information, or working toward solutions for CI security, is encouraged. To get involved supporting a working activity which addresses critical infrastructure security, please let us know your ideas and the ICJSWG Steering Team (IST) and Program Management Office (PMO) will consider them. To get involved with the ICSJWG in general, please contact us at ICSJWG.Communications@cisa.dhs.gov.