An Industrial Control System (ICS) needs the type of network security that takes into consideration its central role in industrial applications. Problems that arise in ICS operations can result in losses on many different levels, including costs incurred from equipment damage, and even loss of life. Although ICS networks may use some of the same technology and devices as enterprise IT systems, from a hands-on practical point of view, ICS network security differs in three aspects: protecting devices, content for filtering, and operating environment.

In this white paper, we outline three key distinguishing characteristics of ICS networks and the unique network security requirements of ICS networks compared to IT networks, summarize the best practice using a “defense-in-depth” design, and present solutions that forward-thinking ICS operators have deployed to realize robust cybersecurity on their ICS networks, including an ICS cybersecurity case study from an oil & gas pipeline monitoring application.