Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Industrial Control Systems Cybersecurity

Despite the threats of cyberattack on computer-controlled industrial systems, utilities and other users of these systems can be hesitant to adopt common security technologies out of concern for their impact on system performance. NIST developed a guide to help industry understand and implement cybersecurity approaches to protect them from these threats.


Test Bed

NIST’s Guide to Industrial Control Systems (ICS) Security helps industry strengthen the cybersecurity of its computer-controlled systems. These systems are used in industries such as utilities and manufacturing to automate or remotely control product production, handling or distribution. By providing guidance on how to tailor traditional IT security controls to accommodate unique ICS performance, reliability and safety requirements, NIST helps industry reduce the vulnerability of computer-controlled systems to malicious attacks, equipment failures and other threats.

Today, widely available software applications and internet-enabled devices have been integrated into most ICS, delivering many benefits, but also increasing system vulnerability. Sophisticated malware that specifically targets weaknesses in ICS is on the rise, posing a significant threat to U.S. economic and national security.

NIST research focuses on the connectivity of devices and networks and how to strengthen system and device defenses. Most recently, NIST developed guidance for how ICS users can apply the approaches to cybersecurity described in another widely used NIST product, the Security and Privacy Controls for Federal Information Systems and Organizations. With this information, utilities, chemical companies, food manufacturers, automakers and other ICS users can adapt and refine these security controls to address their specialized security needs.