return to research

Industrial Control Systems: Securing the systems that control physical environments

technologygovernancesupply chaincloud
Industrial Control Systems: Securing the systems that control physical environments
Download the executive summary

With so many global organisations heavily reliant on Industrial Control Systems (ICS) to support business operations, senior business managers and boards are now encountering growing pressure to improve and maintain the security of their organisations ICS Environments.

ICS form the bedrock of organisations in industry sectors including utilities, transportation and manufacturing, and are often a key constituent of a country’s critical national infrastructure (CNI). Many ICS are now interconnected with enterprise IT or external networks, and are becoming increasingly attractive targets for attackers, with the potential to cause major disruptions to business operations, substantial financial or operational penalties and reputational damage.

The ISF’s ICS Security Programme has been designed to help organisations evaluate and improve the effectiveness of ICS security. This practical, risk-based information security programme allows organisations to implement a tailored, collaborative approach and is supported by a set of ICS Security Review Tools, an ICS Threat Reference Guide, and an ICS Security Controls Toolkit. The programme can be used to evaluate and improve information security for:

  • Individual ICS (e.g. PLC, DCS or SCADA).
  • Groups of ICS that perform a defined function (e.g. in a food processing station, mining equipment, assembly machinery or robot control system).
  • A full-scale industrial operation (e.g. in a chemical plant, oil refinery or power station).