From the very beginning, critical infrastructure networks were designed solely for control purposes and to provide operators with information. Cyber security was not even a distant consideration, as cyber attacks were practically unheard of.
The beginning of the 21stcentury brought about a newfound awareness of the potential damage that cyber attacks can cause. Still, cyber security was viewed primarily in terms of its traditional roots – as an IT-type risk – and was treated as such in terms of threat mitigation.
The traditional doctrine for securing networking devices focuses on two basic elements:
The first is an anti-virus, which is simply a software running on a PC. The second is the firewall.