Industrial Control Systems (ICS) is an umbrella term for the hardware, software, and network components used to automate and supervise industrial processes. The category includes SCADA (Supervisory Control and Data Acquisition) systems, Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and Human-Machine Interfaces (HMIs). These systems run electricity transmission, oil and gas pipelines, water treatment plants, chemical refineries, transportation networks, and manufacturing lines.
ICS were historically isolated ("air-gapped") and built around proprietary protocols such as Modbus, DNP3, and IEC 60870-5-104. Convergence with IT networks, remote maintenance, and the industrial internet of things has eroded that isolation, making ICS a major concern in national security and cyber policy. Unlike conventional IT, ICS prioritise availability and safety over confidentiality, run on long replacement cycles (often 15–30 years), and may use equipment that cannot be patched without halting production.
Several incidents have shaped policy debates:
- Stuxnet (publicly identified in 2010) targeted Siemens PLCs at Iran's Natanz uranium enrichment facility, the first widely documented cyber-physical weapon.
- BlackEnergy/Industroyer attacks on Ukraine's power grid in December 2015 and December 2016 caused outages affecting hundreds of thousands of customers.
- TRITON/TRISIS (2017) targeted Schneider Electric Triconex safety instrumented systems at a Saudi petrochemical plant.
- The Colonial Pipeline ransomware incident (May 2021) disrupted US East Coast fuel supply, though it struck IT systems rather than ICS directly.
Regulatory frameworks include the US NERC CIP standards for the bulk electric system, CISA's ICS advisories and the former ICS-CERT, the EU NIS2 Directive (2022), and the international standard IEC 62443. ICS security is increasingly treated as a matter of state-level deterrence, with allegations of pre-positioning by state actors raised in multiple US intelligence community annual threat assessments.
Example
In December 2015, attackers using BlackEnergy malware compromised industrial control systems at three Ukrainian regional electricity distribution companies, cutting power to roughly 225,000 customers.
Frequently asked questions
ICS control physical processes in real time and prioritise availability and safety over data confidentiality. They use specialised protocols, run for decades, and often cannot be patched or rebooted without disrupting operations.
Keep learning