A KEY element of every industrial control system(ICS)cybersecurity program is awareness and training.However,the materials now used mostly target the information technology(IT)security community and,to a lesser extent,automation and control engineers.Hardly any content is relevant for people such as process and instrumentation engineers and operators who deal with operational technology(OT).A company must align awareness and training in its ICS cybersecurity program.Figure 1 shows the general structure of a typical program.At the heart of such a program is the risk register.It is a living document that feeds into the core elements of a cybersecurity program - governance,risk management,implementation and operations.In this article,we'll highlight various topics to underscore the awareness and training requirements for these core elements.While by no means a complete list,the subjects covered will draw attention to some key topics within ICS cybersecurity and the prevailing thought process in the industry.
展开▼