Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

Securing mission and safety-critical industrial control systems

PA energy cyber security expert Justin Lowe discusses protecting the energy industry from cyber threats

Industrial control systems (ICS) often perform mission or safety-critical functions to operate infrastructure for electricity generation, transmission and distribution, oil and gas drilling, production and processing and potable or waste water systems. This puts ICS at the heart of critical national infrastructure.

However, these vital systems are increasingly at risk of cyber attack. Why? ICS are now often constructed from off-the-shelf technologies which are relatively easy to hack. The increasingly complex interconnectivity between ICS with other business IT systems and even the internet, increases the risk further. Coupled with freely available ICS hacking tools, makes carrying out attacks easier. 

All of this means that organisations reliant on industrial control systems need to improve and maintain security to reduce the likelihood and impact of cyber security incidents.By doing this, organisations can also realise the important business benefits that stem from secure access to operational data.

PA’s best practice approach for ICS security provides a proven framework for understanding and addressing the risks.

The framework has been adopted by the UK Government’s Centre for Protection of National Infrastructure and is used across the UK Critical National Infrastructure (CNI).

Our dedicated team of industrial control systems engineers and security professionals helps clients with:

  • security audits, risk assessments and health checks

  • security frameworks and management systems: policy, standards and procedures

  • secure solution design

  • security and penetration testing

  • training and awareness

  • response and continuity planning.

Our strong track record in ICS security includes:

  • BP - dramatically improving the security of mission and safety critical systems for BP

  • UK Centre for the Protection of National Infrastructure - developing new national guidance for managing employee risk and protecting the critical national infrastructure

  • helping a leading oil and gas drilling company improve safety, reliability and operations though secure remote monitoring and access solutions
  • developing security frameworks and standards for global oil and gas companies to enable strategic digital oilfield initiatives
  • helping a US utility comply with NERC Critical Infrastructure Protection (CIP) regulations
  • developing a cyber security programme for a nuclear power plant operator
  • running a security health check and developing a security improvement plan for a water utility
  • advising electricity distribution network operators on security design reviews, risk assessments and mitigations for major smart grid trial projects
  • working with electricity distribution network operators to develop security management frameworks to support the transition to smart grids.

Contact the energy and utilities team


By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.