An industrial control system (ICS) is a mechanism used to control the output of a specific industrial process. For example, heating a room is a specific process with the desired outcome of maintaining a defined temperature over time. An ICS would receive information from a device, in this case, the thermostat, and decide to heat or not to heat based on the desired temperature. Supervisory control and data acquisition (SCADA) systems are basically large, complex ICSs.

Information systems access controls are generally not built into SCADA or ICS systems. Systems located on the perimeter of a network must rely on physical access control. The programs controlling these systems can use the access controls built into the environment. Linux and Windows environments can control which users have rights to execute programs; those controls can be utilized to limit access to the SCADA back end to only users who need to access them. The best method would be to create a group that has access to the systems and remove rights from all other users. Only authorized users, or members of that group, would be able to access the application.

Securing industrial control systems requires specialized knowledge of the protocols and standards used in ICS environments. These include a wide range of wired and wireless communications technologies, ICS communications protocols, and ICS approaches. It is quite common to implement ICS-specific security controls, such as segmenting ICS systems onto isolated networks and deploying SCADA firewalls that focus on securing these highly specialized networks.