Chris explains why and how to create and exercise an incident response plan for an ICS cyber incident. Some of the information applies to any cyber incident response plan; the really valuable material is how to tailor the plan for ICS, along with some examples of what Chris has seen in his ICS incident response experience.
Questions to consider and discuss:
1. What would be some of the most efficient detection measures in your ICS? (By efficient, I mean where you get the best detection information for the next dollar or hour spent on detection: low false positives, low manpower requirements, low cost to purchase and deploy.)
2. What roles would you have on your ICS Incident Response team and what other resources may you call on to help with the incident?
3. Chris mentioned donuts ... What's your best tip for talking with and learning from Operations? With IT and IT security?