Companies should thoroughly understand their current security posture to determine system vulnerabilities and the actions required to address them. Within 10 years, the sector will help ensure that energy asset owners have the ability and commitment to perform fully automated security state monitoring of their control system networks with real-time remediation capability. |
 |
As security risks are identified, protective measures should be developed and applied to reduce system risks. Security solutions will be developed for legacy systems, but options will be constrained by the limitations of existing equipment and configurations. Within 10 years, next-generation control system components and architectures that offer built-in, end-to-end security will replace many older legacy systems. |
|
Because few systems can be made totally impervious to cyber attacks all the time, companies should possess sophisticated intrusion detection systems and a sound response strategy. Within 10 years, the energy sector will operate control system networks that automatically provide contingency and remedial actions in response to attempted intrusions into the control systems. |
|
Maintaining aggressive and proactive control system security over the long term will require a strong and enduring commitment of resources, clear incentives, and close collaboration among stakeholders. Over the next 10 years, energy asset owners and operators are committed to working collaboratively with government and sector stakeholders to accelerate security advances. |