Your browser does not support JavaScript!

Securing ICS – going beyond IT

Securing ICS – going beyond IT

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
— Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

It is often stated that industrial control system (ICS) environments are difficult to protect from cyber attack. The use of legacy equipment, extended system life cycles, real-time requirements etc. are often quoted as reasons why ICS is so difficult to protect. These are valid arguments and should not be dismissed; however, the danger with this message is that ICS owner/operators may become daunted by prospect of implementing a cyber security programme. There is little acknowledgment of how the characteristics of ICS can be leveraged to provide a significant security benefit. Applying IT best practise is not always suitable for ICS environments, causing operational issues and security controls that fail to reach their potential. ICS environments allow the implementation of strict deny-by-default, allow-by-exception policies. Such strict configurations may be unmanageable in many IT environments due to the fluid nature within IT, where users may want to use a variety of different programmes and services. ICS environments are much more static meaning that strict configurations are manageable, resulting in a more robust control system where compliance with change management procedures and health and safety executive (HSE) work permit systems are enforced and auditable. By blindly applying IT policy, the benefits of this environment could be missed.

Related content

This is a required field
Please enter a valid email address