Skip to Main Content
Automated control systems (ACSs) lie at the heart of industrial and infrastructure systems and, as such, are one of the most critical parts of critical infrastructures. Yet the information security world has largely ignored these systems, and most information security folks seem to think that the protective processes, measures, and mechanisms that apply to general-purpose enterprise computers also apply to ACSs. At the same time, most control systems engineers know almost nothing about information protection and don't recognize even the potential for the sorts of things that information security professionals consider standard. This mismatch must be addressed, or we'll be paying the price for it for at least one generation.