Industrial control systems (ICS), or the hardware and software that monitor and control physical equipment and processes for critical infrastructure, such as water, oil, gas, energy and utilities, as well as automated manufacturing, pharmaceutical processing and defense networks, present a wildly attractive target for those who seek to cause disruption or to threaten infrastructure for their own purposes. Because of the significant costs of designing, developing and optimizing control systems, those seeking to gain technical data for their own use also target them.
SANS recognized the growing concerns about attacks on this sector with the appearance of Stuxnet and began developing an ICS security-specific practice, including a growing selection of educational offerings and an annual survey of professionals working or active in industrial control systems. Since our first ICS security survey, we have seen such disturbing events as the 2014 German steel mill incident and ICS-targeting malware such as Havex and Dragonfly.
In 2015, we conducted our third survey on ICS security, which was taken by 314 respondents. Their answers indicate their organizations are concerned about keeping their most basic ICS operations running reliably and safely. They also show an increasing uncertainty over whether their systems have been infiltrated without their knowledge. Download the document for the full report.