Control systems increasingly permeate all aspects of modern societies. Several ongoing and accelerating trends of networking devices together have grown from niche tech geek topics to general public awareness. Driven by market forces and technological considerations, the wired and wireless web of consumer devices, often referred to as the Internet of Things (IoT), and the interconnection of industrial equipment, termed the Industrial Internet of Things (IIoT), encounter each other with greater and greater frequency as we approach a hypothetical future state of total connectivity, the Internet of Everything (IoE), and the distinctions between them tend to blur.
In this survey we focused on the security of clearly industrial control systems: the supervisory control and data acquisition systems (SCADA), distributed control systems (DCS), process control systems (PCS) and building automation/control systems (BAS/BCS) used to manage automated manufacturing, pharmaceutical processing and food production, as well as critical infrastructure, such as water, oil and gas, energy, utilities, and aerospace and defense networks. Systems that manage traffic, transit and transportation, and keep the lights on, the data flowing, and the water clean and running—all out of the public eye—are the highest priority. SANS took on the task of investigating and improving ICS security several years ago, by forming the SANS ICS Security practice to develop and deliver training and by launching the first annual survey in 2013.