[Illustration: five critical controls for industrial system cybersecurity. Illustration by iStock, Security Management]

5 Critical Controls for Industrial System Cybersecurity

Smaller organizations and utilities can easily feel overwhelmed and under-resourced when facing cybersecurity threats. In a 2022 white paper, SANS Institute outlined five cybersecurity controls that together form an efficient industrial control system (ICS) or operational technology (OT) security program. They give organizations an effective starting point, especially as attacks and their effects increasingly cross IT, OT, and physical boundaries to harm infrastructure and communities.

5 Essential Cybersecurity Controls


Industrial Control System (ICS) Incident Response

    1. Do you have an incident response plan focused on operational integrity and recovery?
    2. Have you tested the plan with tabletop exercises and drills?



Defensible Architecture

    1. Defensible architecture reduces as much accepted risk as possible through system design.
    2. Identify and inventory as many assets as possible, especially key sites and crown jewels.
    3. Segment environments to restrict access and improve monitoring.
    4. Log activity and traffic, especially in systems of value, to detect anomalies early.



ICS Network Visibility and Monitoring

    1. Can you conduct deep packet inspection of ICS protocols? Inspecting the protocol traffic itself lets you collect the data needed to detect the attack scenarios you care about, confirm that the defensible architecture is actually holding, and establish root causes after a security event.
    2. Many products can help with this control—look for ones that enable non-intrusive monitoring, asset inventory, vulnerability identification, and more.
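The two controls above meet in the traffic: segmentation says which hosts may talk to which, and protocol-aware monitoring checks that the traffic on the wire obeys that design. As an added illustration (not code from the SANS paper or from any product), the following Python decodes the Modbus/TCP MBAP header and function code of each request and applies a site policy: write requests to a crown-jewel PLC must come from an allowlisted host, and undefined function codes are flagged. The addresses, the `boiler-plc-01` asset name, the allowlist, and the four sample frames are all constructed for the example.

```python
import struct
from typing import Dict, List, Set

# Modbus function codes, from the Modbus application protocol specification.
FUNCTION_NAMES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}

# Assumed site inventory (hypothetical addresses): the crown-jewel PLCs and,
# per PLC, the only hosts permitted to issue write requests to it.
CROWN_JEWELS: Dict[str, str] = {"10.10.2.10": "boiler-plc-01"}
WRITE_ALLOWLIST: Dict[str, Set[str]] = {"10.10.2.10": {"10.10.1.5", "10.10.1.20"}}


def parse_modbus_tcp(payload: bytes) -> dict:
    """Decode the MBAP header and the start of the PDU of a Modbus/TCP request."""
    if len(payload) < 8:
        raise ValueError("truncated Modbus/TCP frame")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", payload[:7])
    if protocol_id != 0:
        raise ValueError(f"not Modbus: protocol id {protocol_id}")
    # The MBAP length field counts the unit id byte plus the PDU that follows.
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function = payload[7]
    pdu = payload[8:]
    # For the common read/write codes the PDU starts with a 16-bit register address.
    address = struct.unpack(">H", pdu[:2])[0] if len(pdu) >= 2 else None
    return {
        "transaction_id": transaction_id,
        "unit_id": unit_id,
        "function": function,
        "function_name": FUNCTION_NAMES.get(function, "Unknown"),
        "address": address,
    }


def inspect_flow(src: str, dst: str, payload: bytes) -> List[str]:
    """Apply the site policy to one request; returns alert strings, empty if benign."""
    alerts: List[str] = []
    try:
        req = parse_modbus_tcp(payload)
    except ValueError as exc:
        return [f"MALFORMED {src}->{dst}: {exc}"]
    asset = CROWN_JEWELS.get(dst)
    fc = req["function"]
    if fc not in FUNCTION_NAMES:
        alerts.append(f"UNEXPECTED-FUNCTION {src}->{dst}: code {fc}")
    # Writes change process state, so they are only tolerated from allowlisted hosts.
    if fc in WRITE_FUNCTIONS and asset is not None:
        if src not in WRITE_ALLOWLIST.get(dst, set()):
            alerts.append(
                f"UNAUTHORIZED-WRITE {src}->{dst} ({asset}): "
                f"{req['function_name']} at register {req['address']}"
            )
    return alerts


# Constructed sample traffic (not a real capture): (src, dst, Modbus/TCP payload).
SAMPLE_FLOWS = [
    # HMI polls 10 holding registers from address 0: FC 3, read only.
    ("10.10.1.20", "10.10.2.10", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    # Engineering workstation writes setpoint register 0x0010: FC 6, allowlisted.
    ("10.10.1.5", "10.10.2.10", bytes.fromhex("0002 0000 0006 01 06 0010 0064")),
    # Host on the office subnet writes the same register: FC 6, not allowlisted.
    ("10.10.3.44", "10.10.2.10", bytes.fromhex("0003 0000 0006 01 06 0010 0000")),
    # Same host sends an undefined function code 0x5a with a short PDU.
    ("10.10.3.44", "10.10.2.10", bytes.fromhex("0004 0000 0004 01 5a 0000")),
]


def run_inspection(flows=SAMPLE_FLOWS) -> List[str]:
    """Inspect every flow in order and collect the alerts raised."""
    alerts: List[str] = []
    for src, dst, payload in flows:
        alerts.extend(inspect_flow(src, dst, payload))
    return alerts


if __name__ == "__main__":
    for line in run_inspection():
        print(line)
```

Run as-is, the script raises two alerts: the write from the office-subnet host to the boiler PLC and the undefined function code from the same host. The read poll and the engineering workstation's write produce nothing, which is the point: a rule that fired on every write would be ignored within a week, while one anchored to the asset inventory and the segmentation design only fires when the architecture is being violated. A real deployment would feed this from a SPAN port or tap rather than constructed bytes, and would also handle responses, exception codes and the longer multi-register PDUs.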



Secure Remote Access

    1. In most industrial and critical infrastructure organizations, remote connectivity is unavoidable. Remote access has as many risks as benefits, so select your protocols and partners with care.
    2. Consider leveraging multi-factor authentication to reduce adversary attack options through remote access.



Risk-Based Vulnerability Management

    1. ICS vulnerabilities are discovered every day, which can make patch management feel overwhelming. Applying a risk-based approach lets teams focus on the vulnerabilities that pose legitimate risk to the organization rather than on every published advisory.
    2. Focus on the vulnerabilities that drive risk to the organization, such as those that enable an adversary to access the ICS or introduce a new functionality that could cause operational issues.