Skip to main content

This content provides guidance on essential control system mitigations.

Here are some essential mitigation strategies you can implement to protect your industrial control systems from a range of cyber threats. Use them where appropriate based on the outcomes of threat modelling activities.

  1. Tightly control or prevent external access to the control system network; segregate it from other networks such as the corporate network and the Internet.
  2. Implement two-factor authentication for privileged accounts and access originating from corporate or external networks.
  3. Disable unused external ports on control system devices.
  4. Visibly mark authorised devices inside the control system environment with organisation-unique anti-tamper stickers.
  5. Make regular backups of system configurations and keep them isolated. Test the restoration procedure and validate the backup integrity periodically.
  6. Regularly review firewall settings are in an expected state.
  7. Prevent devices inside the control system network from making connections to the corporate network or the Internet.
  8. Enable logging on control system devices and store logs in a centralised location. Institute regular monitoring and incident response practices to ensure that anomalies are identified, investigated and managed in a timely fashion.
  9. Define a process for introducing external software and patches into the control system. Where necessary (on exceptionally critical components), review code and only allow approved binaries.
  10. Use vendor-supported applications and operating systems, and patch associated security vulnerabilities in a timely manner.