The Dragos Blog

06.10.24 | 3 min read

The SANS ICS Five Critical Controls: A Practical Framework for OT Cybersecurity 

Dragos, Inc.

Dragos is an industrial cybersecurity company leveraging software, intelligence, and professional services to safeguard civilization. The SANS Institute empowers cybersecurity professionals with high quality training, certifications, degree programs, and more to help them make the world a safer place. Together, we have created a blog series about OT cybersecurity fundamentals, crafted for practitioners and executives alike to gain a better understanding of operational environments and their unique security requirements. This is the third blog in our series.

The Challenge: Overwhelming Security Concerns 

Organizations face a daunting landscape of potential security issues. The vast array of vulnerabilities and threats can leave them uncertain about where to begin with their cybersecurity efforts. 

The Solution: A Real-World Approach to OT Cybersecurity 

The SANS ICS Five Critical Controls are a significant step toward better cybersecurity for operational technology (OT) and industrial control systems (ICS). They were developed by SANS authors and instructors Tim Conway and Robert M. Lee (Dragos CEO and co-founder) and grew out of an analysis of known ICS cyber attacks: each control addresses something that actually mattered in real intrusions, not a hypothetical. The result is a concise set of measures for preventing, detecting, and responding to cyber incidents in industrial environments. The controls form the core of an effective OT cybersecurity program and are flexible enough to be tailored to each organization's own needs and risk profile. 

Exploring The SANS ICS Five Critical Controls for OT Cybersecurity

The SANS Institute developed the five critical controls to define the baseline every industrial organization should meet, and to give IT and ICS/OT security teams a common reference to align on.


ICS Incident Response Plan 

  • Objective: Develop an incident response plan written specifically for ICS environments, covering the detection of, reaction to, and recovery from cybersecurity incidents. 
  • Key Elements: Clear roles and responsibilities, communication protocols, and steps for containment and eradication that account for the operational constraints of the process (a controller cannot simply be taken offline and reimaged the way a laptop can). 

Defensible Architecture

  • Objective: Build a network architecture that segments and isolates critical systems, shrinking the attack surface and limiting how far an incident can spread. 
  • Key Elements: Segment the network into zones, enforce strict access controls at the boundaries between them, and place an industrial DMZ between the corporate and control networks so that no traffic passes directly from one to the other. 

ICS Network Visibility and Monitoring 

  • Objective: Continuously monitor ICS networks so that anomalies and potential threats are detected promptly. 
  • Key Elements: Deploy monitoring tools that understand industrial protocols and provide deep visibility into network traffic and system activity. This visibility is what makes the other controls actionable: you cannot respond to, or prioritize, what you cannot see. 
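
As an added illustration (not code from the Dragos post or the SANS paper) of how the Defensible Architecture and Visibility controls above reinforce each other, the following Python script checks constructed flow records against an assumed zone-and-conduit policy and parses Modbus/TCP requests to flag write operations from hosts not on an assumed engineering-workstation allowlist. The zone ranges, the allowlist, and the sample traffic are all invented for the example.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed Purdue-style zone map (assumption): which network is which zone.
ZONES = {
    "enterprise": ip_network("10.0.0.0/16"),
    "ics_dmz": ip_network("10.10.0.0/24"),
    "control": ip_network("192.168.10.0/24"),
}

# Conduits the architecture permits (initiator zone -> responder zone).
# Everything else is a segmentation violation; there is deliberately no
# direct enterprise -> control conduit, only enterprise -> DMZ -> control.
ALLOWED_CONDUITS = {
    ("enterprise", "ics_dmz"),
    ("ics_dmz", "control"),
    ("control", "control"),
}

# Constructed allowlist: only the engineering workstation may write to PLCs.
WRITE_ALLOWLIST = {ip_address("192.168.10.5")}

# Modbus function codes that change process state (reads are excluded).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}


@dataclass
class Flow:
    """One observed TCP request: source, destination, port and payload bytes."""
    src: str
    dst: str
    dport: int
    payload: bytes


def zone_of(ip: str) -> str:
    """Map an address to its zone, or 'unknown' if it belongs to none."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_modbus(payload: bytes) -> tuple[int, int] | None:
    """Parse the MBAP header and return (unit_id, function_code).

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1),
    where length counts the bytes that follow it (unit id + PDU).
    Returns None for anything that is not a well-formed Modbus/TCP frame.
    """
    if len(payload) < 8:  # 7-byte header plus at least a function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]


def build_request(fc: int, data: bytes, unit: int = 1, tid: int = 1) -> bytes:
    """Build a Modbus/TCP request frame (used here only to construct samples)."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def inspect(flow: Flow) -> list[str]:
    """Return the alerts a flow raises (an empty list means benign)."""
    alerts: list[str] = []
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if (src_zone, dst_zone) not in ALLOWED_CONDUITS:
        alerts.append(f"segmentation: {src_zone}->{dst_zone} conduit not allowed "
                      f"({flow.src} -> {flow.dst})")
    if flow.dport == 502:  # Modbus/TCP
        parsed = parse_modbus(flow.payload)
        if parsed is None:
            alerts.append(f"modbus: malformed frame from {flow.src}")
        else:
            unit, fc = parsed
            if fc in WRITE_FUNCTIONS and ip_address(flow.src) not in WRITE_ALLOWLIST:
                alerts.append(f"modbus: {WRITE_FUNCTIONS[fc]} (fc {fc}) to unit {unit} "
                              f"from non-allowlisted host {flow.src}")
    return alerts


# Constructed sample traffic (not a real capture): engineering workstation,
# HMI, DMZ historian, an enterprise host that must never reach a PLC directly,
# and one truncated frame.
PLC = "192.168.10.20"
SAMPLE_FLOWS = [
    Flow("192.168.10.5", PLC, 502, build_request(6, b"\x00\x10\x00\x01")),             # EWS write
    Flow("192.168.10.7", PLC, 502, build_request(3, b"\x00\x00\x00\x0a")),             # HMI read
    Flow("10.0.5.23", PLC, 502, build_request(16, b"\x00\x10\x00\x01\x02\x00\x00")),   # enterprise write
    Flow("10.10.0.4", PLC, 502, build_request(3, b"\x00\x00\x00\x0a")),                # historian read
    Flow("192.168.10.7", PLC, 502, b"\x00\x01\x00\x00"),                               # truncated frame
]


def run(flows: list[Flow]) -> dict[int, list[str]]:
    """Inspect every flow and return {index: alerts} for those that alerted."""
    return {i: a for i, f in enumerate(flows) if (a := inspect(f))}


if __name__ == "__main__":
    for i, alerts in run(SAMPLE_FLOWS).items():
        for line in alerts:
            print(f"flow {i}: {line}")
```

Run stand-alone, the script reports two alerts for the enterprise host that reached the PLC directly (a conduit violation and a write from an unapproved source) and one for the truncated frame; the workstation's write and the reads from the HMI and historian are silent. A production sensor does the same work against live traffic, for many more protocols, with the allowlist derived from an asset inventory rather than hard-coded.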

Secure Remote Access 

  • Objective: Provide remote access to ICS environments only through controlled, monitored paths, so that every session can be managed and reviewed. 
  • Key Elements: Multi-factor authentication, encrypted sessions, and strict access controls (for example, a single jump host in the DMZ as the only route in, with access enabled on request for a bounded time and sessions recorded), so that remote access is both secure and consistent with organizational policy. 

Risk-Based Vulnerability Management 

  • Objective: Assess vulnerabilities systematically and prioritize remediation by the potential impact on critical systems, not by raw severity score alone. 
  • Key Elements: Identify, assess, and mitigate vulnerabilities in ICS components, focusing on those an attacker can actually reach and that could cause loss of view or loss of control. Many ICS vulnerabilities are better handled by monitoring or a compensating control than by an immediate patch, which in a plant usually means an outage. 
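
To make the "risk-based" part concrete, here is an added example (not from the post or from any Dragos product) of a triage rule set that sorts constructed findings into "now", "next" and "never" buckets by exposure, asset role and the presence of compensating controls, rather than by CVSS score alone. The field names, rule thresholds and sample findings are assumptions for the illustration; the identifiers are placeholders, not real advisories.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Finding:
    """One vulnerability on one asset. All field values below are constructed."""
    asset: str
    vuln_id: str        # placeholder label, not a real advisory identifier
    cvss: float         # base score as published
    exposure: str       # "internet", "network", "adjacent" or "local"
    criticality: str    # what the asset does: "safety", "process" or "support"
    exploited: bool     # exploitation observed in the wild
    compensating: bool  # already blocked at a conduit firewall or monitored


def triage(f: Finding) -> str:
    """Place a finding in a 'now', 'next' or 'never' bucket.

    'never' means no patch-driven action is scheduled; the finding is still
    recorded and the asset monitored. The rules are illustrative assumptions.
    """
    if f.exposure == "local":
        # Needs physical or local-console access: segmentation and physical
        # security already address it; track it, do not schedule an outage.
        return "never"
    if f.exposure == "internet":
        # Anything reachable from outside the plant boundary is fixed first,
        # whatever its score.
        return "now"
    if f.exploited and f.criticality in ("safety", "process"):
        # Actively exploited and could cause loss of view or loss of control.
        return "now"
    if f.compensating:
        # Real risk, but the conduit already blocks or monitors the path;
        # fix at the next planned maintenance window.
        return "next"
    if f.cvss >= 7.0:
        return "next"
    return "never"


def prioritize(findings: list[Finding]) -> dict[str, list[str]]:
    """Group finding IDs by bucket, highest score first within each bucket."""
    buckets: dict[str, list[Finding]] = {"now": [], "next": [], "never": []}
    for f in findings:
        buckets[triage(f)].append(f)
    return {
        name: [f.vuln_id for f in sorted(items, key=lambda x: -x.cvss)]
        for name, items in buckets.items()
    }


# Constructed findings for a small plant (assets, labels and scores are made up).
SAMPLE_FINDINGS = [
    Finding("remote-access-gw", "VULN-1", 9.8, "internet", "support", True, False),
    Finding("plc-01", "VULN-2", 7.5, "network", "safety", False, True),
    Finding("plc-01", "VULN-3", 8.6, "network", "process", True, False),
    Finding("hmi-03", "VULN-4", 6.1, "local", "process", False, False),
    Finding("historian", "VULN-5", 7.2, "adjacent", "support", False, False),
    Finding("eng-ws-02", "VULN-6", 4.3, "network", "support", False, False),
]

if __name__ == "__main__":
    for bucket, ids in prioritize(SAMPLE_FINDINGS).items():
        print(f"{bucket:>5}: {', '.join(ids) or '-'}")
```

Note what the rules do that a score sort would not: the 7.5 on the PLC is deferred because the conduit already blocks the path, and the 6.1 on the HMI is left for monitoring because it needs local access, while the 8.6 on the same PLC goes to the front of the queue because it is exploited and affects a process-control asset.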

Start Here: The Dragos Platform Delivers Value Across the Five Critical Controls 

The Dragos Platform is an ideal starting point for organizations looking to align with the SANS ICS Five Critical Controls. It provides a suite of solutions specifically designed for the unique challenges of OT environments, including: 

  • Comprehensive Coverage: From asset visibility and vulnerability management to threat detection and incident response, the Dragos Platform addresses key cybersecurity use cases. 
  • Integrated Threat Intelligence: By incorporating threat intelligence and community defense programs, the platform ensures organizations stay informed about emerging threats and can share crucial information within the industry. 
