Factsheet Your ICS/SCADA and building management systems online

Malicious persons and security researchers show interest in the (lack of) security of industrial control systems. This relates not only to ‘traditional’ ICS/SCADA systems, but also to building management systems (incl. HVAC and CCTV). These latter systems in particular can often be accessed directly from the Internet. Industrial control systems do not always fall within the scope of the security policy. Many organisations are not aware of the resultant risks. In addition, many organisations do not have an up-to-date overview of all the systems that are connected to the Internet. As a result, they do not always make a proper assessment of the risks or take the right measures.

This publication is no longer actively maintained by the NCSC. The information in this publication may therefore be out of date.

This factsheet describes the risks of connecting ICS/SCADA and building management systems to the Internet and the measures organisations can take to secure these systems.