Abstract: A method is for monitoring an industrial control system. The method comprises collecting data from one or more sources external to the industrial control system; collecting data from one or more internal sources on the industrial control system; aggregating data collected from said internal sources or from said external sources; correlating said collected data by analyzing and interpreting said collected data in view of previously collected data so as to monitor the security of the industrial control system. An apparatus is for performing the method.

Abstract: A method is for responding to a cyber-attack-related incident against an industrial control system environment. The method includes collecting data and information from internal sources on the industrial control system collecting data and information from sources external to the industrial control system aggregating the data and information collected from internal and external sources into one or more databases and knowledge bases and comparing the collected data and information to previously collected data and information so as to formulate a response to a detected cyber-attack-related incident against the industrial control system. There is also described a system for responding to a cyber-attack-related incident against an industrial control system environment.

Abstract: A method is for monitoring an industrial control system. The method comprises collecting data from one or more sources external to the industrial control system; collecting data from one or more internal sources on the industrial control system; aggregating data collected from said internal sources or from said external sources; correlating said collected data by analyzing and interpreting said collected data in view of previously collected data so as to monitor the security of the industrial control system. An apparatus is for performing the method.