OT/ICS Security
SCADA, PLC security, Purdue model, ICS-specific threats, IT/OT convergence, IEC 62443.
What is OT/ICS Security?
Operational Technology (OT) and Industrial Control Systems (ICS) security protects the systems that control physical processes — power grids, water treatment plants, manufacturing lines, oil refineries, and transportation networks. Unlike IT systems where confidentiality is paramount, OT environments prioritize availability and safety: a compromised programmable logic controller (PLC) or SCADA system can cause physical damage, environmental disasters, or loss of life.
The Purdue Model (ISA-95) provides the reference architecture for OT network segmentation, organizing systems into hierarchical levels from Level 0 (physical processes and sensors) through Level 5 (enterprise network). The convergence of IT and OT networks — driven by digital transformation initiatives — has dramatically expanded the attack surface, connecting previously air-gapped industrial systems to corporate networks and the internet.
High-profile attacks like Stuxnet (2010), the Ukraine power grid attacks (2015-2016), TRITON/TRISIS targeting safety instrumented systems (2017), and the Oldsmar water treatment hack (2021) have demonstrated that nation-states and sophisticated threat actors actively target critical infrastructure. IEC 62443 has emerged as the primary international standard for industrial cybersecurity, providing a comprehensive framework for securing industrial automation and control systems.
Why it matters
OT/ICS systems control critical infrastructure that societies depend on for electricity, water, transportation, and manufacturing. A successful attack on these systems can have consequences far beyond data loss — including physical destruction and threats to human safety.
OT/ICS security applies cybersecurity principles to environments with fundamentally different constraints than IT — where patching may require plant shutdowns, legacy systems run for decades, and safety always trumps security. It bridges the gap between cybersecurity expertise and industrial engineering knowledge.
Build, Connect & Operate
Build and run the systems — apps, cloud, data, networks, OT, AI infra, supply chain, quantum engineering.
People shaping this field
Researchers and practitioners worth following in this space.
CEO of Dragos, ICS/OT security expert, SANS instructor
Industrial cybersecurity expert, Stuxnet analyst
Founder of S4 Events, ICS security pioneer
Curated resources
Authoritative sources we ground OT/ICS Security questions in — frameworks, research, guides, and tools.
NIST SP 800-82 Rev. 3 — Guide to OT Security
Updated terminology from ICS to OT. Covers Purdue Model, network segmentation, patching challenges in OT environments. The primary OT security reference.
IEC 62443 — Industrial Automation Security
Multi-part standard covering security levels, zones and conduits, component requirements. International standard for industrial cybersecurity.
Dragos Year in Review
Annual OT/ICS threat landscape report. Tracks threat groups (Chernovite, Bentonite, etc.) targeting industrial systems. Original research, not marketing.
CISA Industrial Control Systems Advisories
Authoritative feed of ICS-CERT advisories covering vulnerabilities in PLCs, HMIs, SCADA platforms, and OT vendors. The primary source for tracking active threats to industrial systems.
SANS Five ICS Cybersecurity Critical Controls
Practical, defender-focused control framework: ICS Incident Response, Defensible Architecture, ICS Network Visibility, Secure Remote Access, Risk-Based Vulnerability Management. The de-facto starter list.
Roles where this matters
Career paths where this domain shows up as core or recommended.
Protect critical infrastructure — power grids, water treatment, manufacturing. Where cyber meets the physical world.
Senior design role — defines how pillar A components fit together across identity, crypto, network, cloud, and data — and, increasingly, how pillar C bolts into it.
Certifications that signal this domain
Credentials whose blueprint meaningfully covers this domain. Core means centrally covered; also touched means present in the blueprint but not the primary focus.
Core coverage
Azure IoT Developer Specialty
Mile2 Certified Digital Forensics Examiner
Mile2 Certified Network Forensics Examiner
exida IEC 62443 Certified Automation Cybersecurity Expert
exida IEC 62443 Certified Automation Cybersecurity Specialist
Dark Vortex Malware Incident and Log Forensics
eLearnSecurity Certified Digital Forensics Professional
Fortinet Certified Solution Specialist - OT Security
GIAC Battlefield Forensics and Acquisition
Global Industrial Cyber Security Professional
IT + engineering overlap for industrial control systems.
GIAC Response and Industrial Defense
Active defense and incident response for ICS environments.
GIAC Experienced Forensics Analyst
ISA Certified Automation Specialist
TUV Certified OT Security Manager
TUV Certified OT Security Practitioner
TUV Certified OT Security Technical Expert
TUV Rheinland Certified Operational Technology Cybersecurity Professional (GERMAN)