Industrial Control Systems (ICS) is an umbrella term for the hardware and software that monitor and operate physical processes — power grids, water treatment plants, pipelines, factories, and transit systems. SCADA (Supervisory Control and Data Acquisition) is a subset focused on remote monitoring and control across geographically distributed assets. ICS/SCADA security is the discipline of defending these environments, which often include programmable logic controllers (PLCs), remote terminal units (RTUs), human-machine interfaces (HMIs), and historians.
Unlike conventional IT security, where confidentiality usually ranks first, ICS environments prioritize availability and safety. A patch that reboots a server is trivial in an office; in a refinery it can trigger a shutdown or a safety incident. Many control devices use legacy protocols (Modbus, DNP3, IEC 60870-5-104, Profinet) that were designed without authentication or encryption, and run on equipment with lifespans of 20+ years.
The field gained public attention after Stuxnet (discovered 2010), which targeted Siemens S7 PLCs controlling Iranian uranium centrifuges at Natanz. Subsequent landmark incidents include the 2015 and 2016 attacks on Ukraine's power grid (attributed to Sandworm), the 2017 Triton/Trisis malware targeting Schneider Triconex safety instrumented systems in Saudi Arabia, and the 2021 Colonial Pipeline ransomware incident, which — though it hit IT systems — forced operational shutdown across the US East Coast.
Common reference frameworks include the Purdue Enterprise Reference Architecture for network segmentation, IEC 62443 (the international standard series for industrial automation and control system security), the NIST SP 800-82 guide, and sector-specific rules like NERC CIP for the North American bulk electric system. Core controls emphasize network segmentation between IT and OT, asset inventory, monitoring of east-west traffic, strict change management, and protection of safety instrumented systems as a last line of defense against physical harm.
Example
In December 2015, attackers compromised SCADA systems at three Ukrainian regional electricity distribution companies, opening breakers and cutting power to roughly 225,000 customers — the first publicly confirmed cyberattack to cause a power outage.
Frequently asked questions
It prioritizes availability and physical safety over confidentiality, deals with long-lived proprietary equipment, and must accommodate real-time process constraints that prohibit routine patching or rebooting.
Keep learning