But DHS, Motorola Solutions and the Israeli government are hoping Motorola's ACE-3600 raises the bar for security in ICS. Israel's NISA has just completed the testing and certification of it for use in Israel, and in the U.S., Idaho National Lab is reviewing it as well. Motorola Solutions product manager Kobi Levin said Motorola expects to begin selling it in June.

The ACE-3600 is a souped-up ICS that does a lot of what ICSs do not do today in terms of security, including working with an authentication for secure user-access control and role-based permissions. It can encrypt data at rest and in transit, log security events, has secure programming to avoid back doors, has an integrated IP firewall, and uses McAfee whitelisting technology to make sure no unauthorized are added to the console. The RTU controller itself doesn't have a way to use whitelisting yet, but McAfee is working on that, says Levin.

McAfee, the security company that's now part of Intel, today also presented a security approach for ICS-based networks used in plants and manufacturing, which increasingly have some way to access the corporate business networks that have Internet access, which heightens risk.

Eric Knapp, director of critical infrastructure markets at McAfee, noted that it's not feasible to run antivirus software for a controller because of the CPU consumption. But other controls, such as whitelisting, which restricts unauthorized applications, can be used on consoles, for example. McAfee is working on some security products especially designed for use in the ICS environment.

Despite the differences, there are also a lot of similarities between the engineer's ICS and SCADA networks and the company's typical IT business network, Knapp points out. Like the IT business network, ICS networks can use products such as firewalls, intrusion-prevention systems security information and event management (SIEM) as well.