Most industrial control systems began as proprietary, stand-alone collections of hardware and software that were walled off from the rest of the world and isolated from most external threats. Today, widely available software applications, Internet-enabled devices and other nonproprietary IT offerings have been integrated into most such systems. This connectivity has delivered many benefits, but it also has increased the vulnerability of these systems. Cybersecurity threats to ICS can pose significant risks to human health and safety, the environment, and business and government operations.
The current draft—the second revision of the guide—includes updates to sections on ICS threats and vulnerabilities, risk management, recommended practices, security architectures, and security capabilities and tools for ICS.
Due to their unique performance, reliability, and safety requirements, ICS cybersecurity often requires adaptations and extensions to NIST-developed security standards and guidelines for traditional IT systems.