Traditionally, the ICS systems that control operations (known as Operational Technology or OT) were separate from business IT systems. But now, as organisations adopt more digital technologies and seek greater efficiency, there is greater convergence between OT and IT systems. This trend is expected to continue as new technology is introduced.
Organisations must understand that OT and IT face different risks and require different protections. It's important to keep a secure boundary between them and apply the right security measures to manage weaknesses or vulnerabilities in each system.
The following resources provide more guidance on how to protect your industrial control systems from cyber security threats.
Developing an operational technology and information technology incident response plan
Produced by the Canadian Government, December 2020.
This guidance is intended to inform organisations how best to respond to the convergence of Information Technology (IT) and Operational Technology (OT) environments in today’s cyber security landscape.
Developing an Operational Technology and Information Technology Incident Response Plan External Link
CNI system design: secure remote access
A Critical National Infrastructure (CNI)-specific look at guidance on remote access architecture design.
Produced by the NCSC UK, November 2020.
A Critical National Infrastructure (CNI)-specific look External Link
Actions to reduce exposure across all operational technologies (OT) and control systems
Recommendations to reduce exposure across operational technologies and control systems.
Produced by the National Security Agency (NSA) along with the Cybersecurity and Infrastructure Security Agency (CISA), July 2020.
Advisory issued by NSA and CISA [PDF, 423KB] External Link
Voluntary cyber security standards for control systems operators
NCSC and industry organisations developed this standard to support New Zealand’s control systems operators in building resilient cyber security defences and practices.
Developed by the NCSC in partnership with the New Zealand Control Systems Security Information Exchange (CSSIE), 2019.
To note this standard has not been updated since 2019.
Voluntary Cyber Security Standards for Control Systems Operators [PDF, 682 KB] External Link
Operational technology environments
A set of publications on critical infrastructure and their supporting operational technology environments.
Produced by the Australian Cyber Security Centre (ACSC)
Operational technology environments | Cyber.gov.au External Link
Industrial control systems
More information including advisories and alerts, training and guidance about important initiatives that support and protect America’s vital industrial control systems.
Produced by the USA’s Cyber and Infrastructure Security Agency (CISA), 2025.
Industrial Control Systems | Cybersecurity and Infrastructure Security Agency CISA External Link
Recommended cybersecurity practices for industrial control systems
An infographic produced by CISA.
Recommended Cybersecurity Practices for Industrial Control Systems External Link
Studies in secure system design
Worked examples for operational technology and virtualised systems.
Produced using the United Kingdom’s National Cyber Security Centre’s secure design principles.
Studies in secure system design - NCSC.GOV.UK External Link
Report it
To report a cyber security incident affecting industrial control systems, use our online reporting tool.