Incident Response


An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence.


Information Sharing


Information Sharing is critical in many ways but, in its simplest sense, the more a defender knows, and the faster the defender knows, the more likely appropriate action can be taken to prevent or limit an attack.


Monitoring – Real Time ICS/OT Networks


Implementing OT monitoring is costly in both software and implementation. For any large utility, the cost would be in the low millions, and time to implement is multi-year but can be done in a phased approach, network by network. The passive component of this approach only “listens” to network traffic in an unobtrusive way, and then interprets the network traffic based on a very deep understanding of complicated assets. The active component of this approach pings assets in order to obtain a deeper understanding of what is happening in real-time.


Monitoring Networks – IT


IT Network Monitoring is the capability to monitor devices on the Enterprise/IT side of the utility, which includes all business functions not directly related to running the grid on a real-time basis. This would include email, planning processes, customer billing, non-critical operations, etc. These functions exist in most businesses and directly rely on Internet connectivity – the main initial attack vector. Notably, more and more devices are being connected to IT/Enterprise networks due to the exponential increase in devices employees bring to work and connect to the Internet, as well as other low-cost devices that can provide business value (e.g., sensors).


Monitoring Networks – OT


Historically, the fact that the grid was delivering electricity to customers was considered sufficient (a so-called “run-to-failure” management approach). Over the years, SCADA systems have been increasingly deployed to collect basic data regarding what is happening in the grid.


Network Access Control


Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network.
