Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

CPNI: Protecting UK critical national infrastructure by securing industrial control systems

Without services from sectors like energy, water, transport and communications, the UK could suffer serious consequences including severe social disruption or even loss of life. It means the infrastructure that underpins those sectors is critical.

Protecting these critical services is becoming more complex as providers become increasingly reliant on modern industrial control systems (ICS) to deliver their core operations. These systems are constructed from widely available off-the-shelf technologies. While they deliver significant cost and performance benefits, they also dramatically increase the threat of cyber-attacks that could result in a security breach.

To manage these risks and support the UK Government’s cyber security strategy, we worked with the Centre for the Protection of National Infrastructure (CPNI) and the UK’s National Technical Authority for Information Assurance (CESG) to create a framework of ICS guidance documents and a companion security assessment tool. The CPNI and CESG have published the guidance documents and the tool is now available nationwide.

The Security for Industrial Control Systems (SICS) framework gives critical infrastructure organisations practical guidance and helps them develop a thorough understanding of ICS risks. That means they can reduce the likelihood and potential impact of a cyber-incident. Along with the ICS Security Assessment Tool, organisations now have a comprehensive system for assessing their ICS security. And it means best practice is shared across all sectors.

UK industry have welcomed this and organisations overseas are also adopting the approach. The guidance and tool are set to play a key role in protecting vital infrastructure, while making sure businesses can continue to unlock the benefits of valuable new technologies.

The guidance is on the National Cyber Security Centre (NCSC) website and the tool is available through NCSC advisers.


Thanks to @pa_consulting critical infrastructure organisations can assess cyber-attack risk through @ncsc

Contact the digital trust and cyber security team

By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.