Factsheet Your ICS/SCADA and building management systems online
Malicious persons and security researchers show interest in the (lack of) security of industrial control systems. This relates not only to ‘traditional’ ICS/SCADA systems, but also to building management systems (incl. HVAC and CCTV). These latter systems in particular can often be accessed directly from the Internet. Industrial control systems do not always fall within the scope of the security policy. Many organisations are not aware of the resultant risks. In addition, many organisations do not have an up-to-date overview of all the systems that are connected to the Internet. As a result, they do not always make a proper assessment of the risks or take the right measures.
This factsheet describes the risks of connecting ICS/SCADA and building management systems to the Internet and the measures organisations can take to secure these systems.
This document is currently under revision, which means that the document has not been reviewed or changed in the past year. As a result, the content of the document may not be up-to-date. The NCSC intends to update this product in the near future.