ICSes are usually installed with a long service life expectancy. Some ICS equipment and devices will be operational for 20 to 30 years or sometimes even longer than that. From that perspective, things are pretty stagnant in most ICS installations. However, over an ICS's lifespan, major overhauls, process modifications, and business integration activities can have security implications for the ICS. Consequently, it is necessary to manage security through the entire ICS life cycle. Although ICS device life cycle management is a unique challenge, mainly because of the uptime and lifetime expectancies, it has key life cycle phases similar to those of many other life cycle programs. These phases are:
In the previous chapter, we discussed how software life cycle management should take security into consideration early in the application life cycle. This allows for an easier and more complete adaptation of security in the overall...