Industrial Control Systems Security Checklist: A Guiding Document for Developing Secure Industrial Control Systems, V1.0

Abstract

With a more connected world, where someone can attack digital industries in distant countries with low risk and cost, cyber security is becoming increasingly important on a nation-wide level. Several recent attacks illustrate this, for example towards the power grid in Ukraine in 2015 and 2016, a petrochemical plant in Saudi Arabia in 2017, the attack towards a cloud service provider to the train system in Denmark in 2022, and others. These attacks can, if successful, harm important industry and infrastructure such as hospitals, transportation, and industrial manufacturing.

While traditional Industrial Control Systems (ICS) have been mostly isolated, they are increasingly getting connected to the internet, increasing the risks of cyberattacks. This guidance document intends to contribute to securing ICS and reduce the probability of successful cyberattacks and limit consequences affecting health, environment, and the economy.

This guidance document is a deliverable from the project Ragnarok at SINTEF, and complements the Security Aspects of Industrial Control Systems document and the IoT checklist document, also a deliverable in this project. In this project we looked at both ICS and IoT security, both at the state of the art and within the context of industry 4.0 and the potential collapse of the SCADA pyramid.