Control systems consist of one or more devices that control, regulate and/or monitor the behaviour of other devices or systems. In industrial production, the term "industrial control systems" (ICSs) is commonly used. For some time now, industrial control systems have also been found more frequently in applications outside the manufacturing industry, such as home automation and traffic control. In principle, an industrial control system can refer to any system that regulates and/or monitors a physical process. Most of the basic rules for protecting such systems can also be applied beyond industrial manufacturing. For this reason, industrial control systems are generally referred to as "ICSs" in this article.
SANS, a security institute in the United States, has published 20 critical security controls indicating how IT infrastructures can be protected in general. Some of these may also be used on ICSs. Further recommendations have been issued by the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and the National Institute of Standards and Technology. The following recommendations are based on these documents.
