Industrial cybersecurity focuses on protecting Industrial Automation and Control Systems (IACS) from cyber threats while
maintaining the safe, reliable, and continuous operation of industrial processes. Unlike traditional information technology
(IT), industrial environments directly interact with physical equipment and processes, meaning a successful cyberattack can
have consequences far beyond data loss.
ISA/IEC 62443-1-1 clause 4 is partially aligned to the information presented here but key concepts have been expanded upon.
Figure 1 - IACS Cybersecurity Overview
The Situation
IACS operate within complex environments. An increasing amount of information is shared between IACS and business
(IT / corporate) systems. Because IACS directly control processes and equipment, cyber breaches can cause not only
confidentiality impacts (stolen secrets), but also:
Loss of life
Production and financial impacts
Equipment damage
Environmental events
Regulatory violations
Compromised operational safety
Threats are both external and internal, and may be malicious or non-malicious (accidental). Many business changes or
improvements also increase the potential risk of compromising security.
Industrial cybersecurity is a shared responsibility. Effective security cannot be achieved through
technology alone; it requires people, processes, and technology working together throughout the lifecycle of an
industrial system.
People – Engineers, operators, technicians, management, vendors, and contractors all play a role in maintaining security.
Processes – Policies, procedures, governance, change management, and incident response ensure security is consistently applied.
Technology – Hardware, software, networks, and security controls provide the technical mechanisms used to protect industrial systems.
Weakness in any one of these areas can undermine the effectiveness of the others.
Current Systems
IACS were historically isolated. Most systems today are made up of commercial off-the-shelf (COTS) software and hardware,
are often connected to the internet, run on multiple platforms and operating systems, and include legacy equipment that
was not designed for security.
Increased integration and interdependency have brought clear benefits:
Greater visibility and more integrated processes
Improved analysis and optimisation opportunities
More direct access, enabling responsive maintenance
Common interfaces that reduce overall support burden and complexity
Remote support availability
Remote monitoring and management
While beneficial, these changes also increase the potential for security breaches and vulnerabilities.
IACS are often built upon legacy systems, with designs that extend existing designs and conform to the constraints of
current infrastructure. This creates complex configurations that make it difficult to understand the system entirely, for
example:
Who is authorised on the system, and from where
Who has access to what information
What can be done from the system
How things are done (several ways may exist)
Current Trends
Modern industrial systems have become increasingly interconnected and dependent on standard computing and networking
technologies. While these advances improve efficiency and productivity, they also expose industrial systems to many of
the same cyber threats faced by traditional IT environments.
Key trends increasing cyber risk include:
Increase in malicious code attacks on business and personal computer systems
Movement toward COTS operating systems and protocols, and interconnection with business networks, making IACS more susceptible to attack
Tools to automate attacks commonly available on the Internet
Increase in service providers, system integrators, and contractors — more organisations and people with access to and knowledge of the systems
Shift in threat profile from disgruntled employees toward deliberate criminal or terrorist activities
Adoption of industry standard protocols such as Internet Protocol (IP), exposing these systems to the same network-layer vulnerabilities as business systems
Greater integration between IT and OT environments
Growth in remote access technologies
Public disclosure of software and hardware vulnerabilities
Rapid growth in ransomware targeting operational technology
Increasing use of AI-assisted malware
As a result, cybersecurity needs for IACS are increasing.
Potential Impacts
Unlike traditional IT incidents, cyberattacks on industrial systems can have direct physical consequences. Potential
impacts include:
Unauthorized access, theft, or misuse of confidential information
Publication of information to unauthorized destinations
Loss of integrity or reliability of process data and production information
Loss of system availability
Process upsets leading to compromised process functionality, inferior product quality, lost production capacity, compromised process safety, or environmental releases
Equipment damage
Personal injury
Violation of legal and regulatory requirements
Risk to public health and confidence
Threat to a nation’s security
Societal Consequences
Disruption of essential services – Interruptions to electricity, water, healthcare, transport, and communications.
Economic impact – Recovery costs, reduced productivity, increased consumer costs, and business losses.
Loss of public trust – Reduced confidence in organisations, governments, and digital services.
Privacy violations – Theft or misuse of personal and sensitive information.
Public safety risks – Disruption of critical infrastructure may place lives at risk.
Psychological impacts – Stress, uncertainty, and reduced confidence following major cyber incidents.
National security concerns – Attacks against critical infrastructure may affect national resilience and geopolitical stability.
Organisational Consequences
Financial losses – Recovery costs, regulatory penalties, legal fees, lost production, and potential ransom payments.
Operational disruption – Downtime, reduced productivity, and interruption to business operations.
Data loss or theft – Theft, alteration, or destruction of confidential information.
Reputational damage – Reduced customer confidence and long-term brand damage.
Legal and regulatory consequences – Investigations, penalties, and compliance failures.
Increased cybersecurity costs – Investment in security technologies, audits, training, and incident response.
Loss of intellectual property – Theft of proprietary information, trade secrets, and research.
Supply chain disruption – Impacts that extend to suppliers, customers, and business partners.
Business continuity challenges – Severe attacks may force temporary or permanent suspension of operations.
Common IACS Security Myths
"We aren't connected to the Internet."
False.
Many industrial environments contain indirect or unintended connections that provide potential pathways into the control
system.
Common examples include:
Remote support connections
Engineering laptops
USB storage devices
Cellular modems
Remote monitoring equipment
Firewall misconfigurations
"We're protected by a firewall."
False.
A firewall is only effective when it is correctly designed, configured, and maintained. Poor firewall configuration
remains one of the most common weaknesses in industrial environments.
Effective firewall management requires:
Correct configuration
Regular auditing
Ongoing maintenance
"Hackers don't understand control systems."
False.
Knowledge of industrial systems is now widely available through publicly available exploits, Cybercrime-as-a-Service,
research publications, and online communities.
"Our facility isn't a target."
False.
Every industrial sector is a potential target. Critical infrastructure, manufacturing, mining, utilities, food production,
and other industries have all experienced cyberattacks.
For many organisations, the question is no longer if an attempted compromise will occur, but when.
"Safety systems will protect us."
False.
Malware such as TRITON demonstrated that attackers may deliberately target Safety Instrumented Systems (SIS). Safety
systems should therefore be considered another critical asset requiring cybersecurity protection.
Summary
IACS operate in complex, increasingly connected environments where cyber incidents can cause safety, environmental, and production impacts — not only data loss.
Modern systems rely on COTS technology, multi-platform environments, remote access, and legacy equipment never designed for cybersecurity.
Integration brings operational benefits but also widens the attack surface and makes systems harder to fully understand.
Current trends — standard protocols, third-party access, readily available attack tools, and ransomware — are increasing cybersecurity needs.
Potential impacts range from information misuse and loss of availability through to process safety failures, regulatory violation, and national security concerns.
Effective cybersecurity depends on people, processes, and technology working together; common assumptions about isolation and protection are often misconceptions.