In advanced societies all aspects of commerce and industry are now based on networked IT systems.
Failures of these systems have the potential to be extremely disruptive.
The term Critical Infrastructure (CI) is used to define systems (private and public) considered vital to national interests whose interruption would have a debilitating effect on society.
It is recognized cyber security threats to CIs range from malicious to state sponsored. The threats are typically continuous and evolving in sophistication.
This paper is primarily focused on Process Control Networks (PCNs). PCNs are used as the basis of industrial process control in a wide range of applications (manufacturing, oil and gas, water etc.).
Given the importance of this industrial sector there are a range of guidelines considered to be exemplars of best practice.
However given the constantly evolving sophistication of hackers the true measure of security is penetration testing – not something that is practical in industrial systems.