Key cyber security controls in industrial automation

A common problem in industrial cyber security management is deciding which controls to focus on, in production environments in particular. Luckily, the issue has been analysed by several parties, who have also published instructions regarding good practices. In this set of guidelines, we combine recommendations from the publications of several national authorities and information security firms and supplement them with our own experience.

There are never enough resources available to perfectly manage cyber security. How, then, can you make sure that the cyber security controls that you decide to employ actually provide sufficient security? This is a particularly tricky question in industrial environments, where digital technology is a critical part of production. The most serious risks in production environments are unexpected stoppages and losing control of the production process. Because of this, the priorities for industrial environments are markedly different from those of cyber security in conventional information technology.

The publication ‘The Five ICS Cybersecurity Critical Controls’ by the information security research and training community SANS defines the five most important controls for production network monitoring. Dragos, a company specialising in cyber security management in industrial automation, refers to these five controls in its 2022 Year in Review and evaluates how well they have been implemented in the cases it covers.

We have adapted the five SANS controls with the aid of instructions from the National Cyber Security Centre Ireland, the United States Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DoE), and the National Cyber Security Centre Finland.