ISAGCA and ICS4ICS Announce Cybersecurity First Responder Credentialing Program

  • July 13, 2021
  • Research Triangle Park, North Carolina

The ISA Global Cybersecurity Alliance (ISAGCA) and the Incident Command System for Industrial Control Systems (ICS4ICS) announced today the release of a cybersecurity first responder credentialing program.

The ISA Global Cybersecurity Alliance has joined forces with the Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity response teams from more than 50 participating companies to adopt FEMA's Incident Command System framework for response structure, roles, and interoperability. This is the system used by First Responders globally when responding to hurricanes, floods, earthquakes, industrial accidents, and other high impact situations.
Incident Command Systems have been tested over more than 30 years of emergency and non-emergency applications, throughout all levels of government and within the private sector.
The ICS4ICS approach guides companies, organizations, and municipalities in identifying an incident, assessing damage, addressing immediate challenges, communicating with the right agencies and stakeholders, and resuming day to day operations. The framework applies traditional Incident Command Systems best practices to cybersecurity incidents, ensuring common terminology and enabling diverse incident management and support entities to work together. ICS4ICS provides clearly defined command structures, including standard roles needed in a response, and the framework can scale to support small or extremely large-scale incidents that impact many organizations.
“For many years, we’ve needed ICS4ICS, to enable collectively organized cyber and physical responses in a unified way. Credentialing cybersecurity first responders is an important milestone in this valuable public-private partnership,” said ISAGCA Advisory Board chairperson and ICS4ICS leader Megan Samford, VP and Chief Product Security Officer of Schneider Electric’s energy management business. “We’ve developed an adjudication process and certified our first four responders. I’m proud to be one of them and stand ready to help companies recover from cyber incidents.”
The adjudication process, managed by a formal committee within ICS4ICS, consists of an application process and panel of incident command system (ICS) subject matter experts who evaluate the candidate’s submittal. The inaugural round of credentialing recognizes these cybersecurity experts:

  • Mark Bristow, Branch Chief of Cyber Defense Coordination at CISA, whose 15-year career with US government cybersecurity agencies includes responses to incidents ranging from Ukraine cyberattacks to attempts by Russian government hackers to intrude on energy equities
  • Neal Gay, Senior Manager of Managed Defense/Industrial Control Systems at FireEye
  • Megan Samford, ISAGCA Chairperson; VP and Chief Product Security Officer of Schneider Electric’s energy management business
  • Brian Wisniewski, US Army Reserve
Interested companies and organizations can engage with ICS4ICS to learn how they can participate in this multilateral preparedness scheme for responding to cyber incidents. There are no membership requirements to participate, and we are seeking broad engagement from both the private and public sectors. The proven approach is vetted by industry companies and subject matter experts and the program has significant value for small to medium sized entities that do not have the time, finances, or personnel to assign a full-time cyber response unit, but still need to develop plans and train employees accordingly.

ISAGCA recently released a blog article on ICS4ICS entitled, “Addressing the Downstream Effect of a Cyber Attack,” as well as the webinar, “ICS4ICS Stands Up ICS Incident Response System 2021,” featuring Neal Gay.

Interested parties can learn more at

The ISA Global Cybersecurity Alliance is made up of 50 member companies, representing more than $300 billion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Current members of ISAGCA include 1898 & Co. (Burns McDonnell), ACET Solutions, aeSolutions, Baserock IT Solutions, Bayshore, Carrier Global, Claroty, ConsoleWorks, Coontec, CyberOwl, CyPhy Defense, Deloitte, Digital Immunity, Dragos, Eaton, exida, Ford Motor Company, Fortinet, Honeywell, Idaho National Laboratory, Idaho State University, ISASecure, Johns Manville, Johnson Controls, KPMG, LOGIIC, Mission Secure, MT4 senhasegura, Munio Security, Nova Systems, Nozomi Networks, PAS, PETRONAS, Pfizer, Radiflow, Rockwell Automation, Schneider Electric, Surge Engineering, TDI Technologies, Tenable, TI Safe, Tripwire, UL, Wallix, WINICSSEC, WisePlant, Xage Security, and Xylem. For more information about ISAGCA, visit