An Analysis of Critical Cybersecurity Controls for Industrial Control Systems




industrial control systems, critical infrastructure, cybersecurity


Industrial Control Systems (ICS) comprise the software, hardware, networks, and people that manage and operate industrial processes. Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCS) are two of the most prevalent types of ICS. An ICS facilitates the effective and efficient management and operation of industrial sectors, including critical infrastructure sectors such as utilities, manufacturing, and water treatment facilities. An ICS collects and integrates data from field controllers deployed in industrial settings, enabling operators to make data-driven decisions when managing industrial operations. Historically, ICS were isolated from the internet and operated on air-gapped networks. However, the efficiency gains offered by Information Technology drove a shift towards a more connected industrial environment. This convergence of Information Technology and Operational Technology (IT/OT) has exposed ICS to cyberattacks. Because of the critical nature of the infrastructure that ICS manage, cyberattacks against ICS may cause critical infrastructure sectors to experience downtime, with a crippling impact on a country's well-being and essential economic activities. Given the proliferation of cyber warfare, cyberattacks against ICS are of increasing significance, as demonstrated by the December 2015 attack on Ukraine's power grid, which caused a blackout affecting over 200 000 people. The threat actors used the BlackEnergy 3 malware to gain a foothold in the utilities' networks and then reached the SCADA systems controlling electrical substations to disrupt their normal operation. This was the first confirmed instance of a cyberattack causing a power outage. In response to the increase in cyberattacks against ICS, the SANS Institute, in a whitepaper titled "The Five ICS Cybersecurity Critical Controls", presents five critical controls for an ICS cybersecurity strategy.
This paper discusses ICS and the increasing convergence of IT and OT, and outlines significant cyberattacks directed at ICS. The paper then applies an exploratory research methodology, structured around the Five ICS Cybersecurity Critical Controls, to assess the state of the ICS literature that can help ICS operators secure their environments in accordance with that framework. Additionally, the ICS Cybersecurity Critical Controls are mapped to the NERC CIP standards, which provide guidance on the security of the Bulk Electric System (BES) and its associated critical assets in North America.

Author Biographies

Nkata Sekonya, University of Johannesburg

Nkata Sekonya is a postgraduate student in computer science at the University of Johannesburg, SA. He received his BSc in Information Technology from the University of Johannesburg in 2021. His main research interests are digital forensics, critical infrastructure protection, and the internet of things.

Siphesihle Sithungu, University of Johannesburg

Siphesihle Sithungu is from Johannesburg, South Africa and holds an MSc in Computer Science (University of Johannesburg). He is a lecturer at the University of Johannesburg, and his research interests are the use of artificial intelligence techniques for critical information infrastructure protection. Mr Sithungu is a technical committee member for the International Conference on Computational Intelligence and Intelligent Systems.