Assuring Industrial Control System (ICS) Cyber Security

Industrial Control Systems (ICS)1 are an integral part of the industrial infrastructure providing for the national good. These systems include Distributed Control Systems (DCS) Supervisory Control and Data Acquisition systems (SCADA), Programmable Logic Controllers (PLC), and devices such as remote telemetry units (RTU), smart meters, and intelligent field instruments including remotely programmable valves and intelligent electronic relays. While sharing basic constructs with Information Technology (IT) business systems, ICSs are technically, administratively, and functionally more complex and unique than business IT systems. There have been more than 100 intentional and unintentional ICS cyber incidents, ranging from trivial impacts, to significant environmental damage, to serious equipment damage, to deaths. Efforts to secure these critical systems are too diffuse and do not specifically target the unique ICS aspects.