Industrial Control Systems (ICS) are used by utility companies and manufacturers to manage critical infrastructures worldwide, including electric power plants, oil/gas operations, pipelines, mining operations and transportation. Today's are like never before— which is why those working in ICS need help from those working in the IT security industry.

ICSs include Supervisory Control and Data Acquisition (SCADA); Distributed Control Systems (DCS); Programmable Logic Controllers (PLC); Remote Terminal Units (RTU); Intelligent Electronic Devices (IED); field controllers; sensors; emission controls; building controls such as fire suppression, thermostats and elevator controls; and automated business and residential meters.

ICSs measure, control and provide the operator a view of the process. The operator view is often Windows-based and appears to be traditional business IT technology. However, the field devices that measure and control the process use proprietary operating systems and communication protocols and have their own unique characteristics. These field systems do not look like business IT systems and are technically and administratively different from IT systems. Even security policies are different: ISO-27001 applies to IT, but ICSs utilize ICS-specific policies such as those from the International Society for Automation (ISA). ICSs used to be isolated – out of sight, out of mind.

But that's all changing. ICSs are being upgraded with advanced communication capabilities and networked (including to the Internet) to improve process efficiency, productivity, regulatory compliance and safety.

These networks can be within a facility or even between facilities that are continents apart. When an ICS does not operate properly, the resulting problems can range in impact from minor to catastrophic, including deaths and physical destruction.