Although it is possible to create a security program from scratch, adopting an existing guide or framework will help bring consistency to the implementation and ensure that all your bases are covered. A widely adopted reference guide for implementing ICS cybersecurity is NIST Special Publication 800-82, 'Guide to Industrial Control System Security'. It provides guidance on how to secure Industrial Control Systems while addressing their unique performance, reliability, and safety requirements. The document gives an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities of these systems, and recommends security countermeasures to mitigate the associated risks.
Chapter 4, Industrial Control System Risk Assessment, of the NIST document...