This guidance applies to organizations whose networks have been compromised by a cyber attack as well as to those desiring to improve their network security preparedness to respond to a cyber incident. The guidance is relevant to both enterprise and control system networks, particularly where interconnectivity could allow adversaries to move laterally within and between networks. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to implementing defensive measures to avoid any negative impact to normal operations.

The guidance is organized into several topical areas and provides network administrators with concepts for improving detection of intrusions, preventing lateral movement of threat actors, and controlling access to the various segments of a network. The guidance is in the form of “what” should be done and “why” it is important. The “how” of implementation is the responsibility of each organization and is dependent on individual needs, network topology, and operational requirements.

Full alert is sourced here