Abstract: There is described a digital agent for monitoring of cybersecurity-related events in an industrial control system. The digital agent is residable in a host. The digital agent includes a module for monitoring behavioral data of the host, such as violation of security policy, system usage metric, etc. The digital agent also includes a module for recording a behavior baseline of the host, such as operating system, operating system version, firewall status, etc. In addition, the digital agent includes an agent state machine for monitoring the CPU load and/or memory usage of the host. Further, the digital agent includes an agent communication module for transmitting monitored data to an analysis unit external to the industrial control system.
Abstract: A method is for monitoring an industrial control system. The method comprises collecting data from one or more sources external to the industrial control system; collecting data from one or more internal sources on the industrial control system; aggregating data collected from said internal sources or from said external sources; correlating said collected data by analyzing and interpreting said collected data in view of previously collected data so as to monitor the security of the industrial control system. An apparatus is for performing the method.
Abstract: A method is for responding to a cyber-attack-related incident against an industrial control system environment. The method includes collecting data and information from internal sources on the industrial control system; collecting data and information from sources external to the industrial control system; aggregating the data and information collected from internal and external sources into one or more databases and knowledge bases; and comparing the collected data and information to previously collected data and information so as to formulate a response to a detected cyber-attack-related incident against the industrial control system. There is also described a system for responding to a cyber-attack-related incident against an industrial control system environment.
Type: Application
Filed: February 24, 2016
Publication date: April 5, 2018
Applicant: Secure-NOK AS
Inventors: Paula DeWitte, Aitor Couce Vieira, Siv Hilde Houmb
Abstract: A method is for monitoring an industrial control system. The method comprises collecting data from one or more sources external to the industrial control system; collecting data from one or more internal sources on the industrial control system; aggregating data collected from said internal sources or from said external sources; correlating said collected data by analyzing and interpreting said collected data in view of previously collected data so as to monitor the security of the industrial control system. An apparatus is for performing the method.