Industrial Control Systems (ICS)
For measuring, controlling and regulating processes, such as the automation of processes and the monitoring of large systems, so-called Industrial Control Systems (ICS) are often used in the manufacturing industry and in industries that are counted as critical infrastructures (KRITIS), e.g. energy, water, food or transport and transport.
Contrary to traditional IT, ICS have different requirements for the protection objectives availability, integrity and confidentiality. This is reflected, for example, in longer operating times and rare maintenance windows. In addition, in particular the real-time requirements, which are essential for the control frequency, should be mentioned. In addition, there are warranty claims. Established protective measures from the office environment are only partially transferable to ICS.
The Federal Office for Information Security (BSI) has therefore considered the topic of ICS separately and has published an ICS Security Compendium, among other things.
Joint projects and publications
Operational technology (OT) comprises of hardware and software that monitors and controls physical devices, processes and events in industrial plants. In particular, this includes industrial control systems (ICS), automation, as well as laboratory equipment, logistics systems and building control systems. As IT components from office IT are also increasingly being used in OT, a similarly high level of risk can be assumed. However, OT differs significantly from traditional IT, making it more difficult to apply established security procedures.
September 2024: Document “Principles of operational technology cyber security”
The OT cyber security principles are intended to assist operators in making informed and comprehensive decisions to ensure the security and continuity of business operations when planning, implementing and managing OT systems. The principles should be easy to understand for OT decision-makers and address all employees of an organization - regardless of whether operational, tactical or strategic decisions are involved. With the help of the principles, OT cyber security can be designed holistically.
