Control systems consist of one or more devices that control, regulate, and/or monitor the behaviour of other devices or systems. In industrial production, the term "industrial control system" (ICS) is often used.
SANS , a security institute in the United States, has published 20 key elements on how IT infrastructures can be protected in general. These elements may in part also be used on ICSs. Other recommendations have been published by the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT ) and the National Institute of Standards and Technology (NIST ). The following recommendations are based on these documents.
The enumerated measures should be embedded in an overarching security process, ensuring that the measures are applied, regularly verified, and continuously improved. Moreover, it is important for operators of systems to know the current threat situation, to monitor that situation regularly, and to incorporate the insights into implementation and improvement of the security measures. For this purpose, close cooperation between risk management, engineering, and operations is of the utmost importance.