COMSM0120 Security of Industrial Control Systems

This module was taught between 2022 and 2024 as part of the MSc Cyber Security (Infrastructures Security) programme at the University of Bristol. The course delivers an in-depth understanding of securing Operational Technology (OT) and Critical National Infrastructure (CNI) against complex cyber threats.

Course Overview

Industrial environments rely heavily on interconnected cyber-physical systems that manage physical processes. This module explores how to apply rigorous security principles to legacy and modern control environments, balancing safety constraints with digital security requirements.

Key Topics Covered

• IT/OT Convergence: Managing vulnerabilities that arise when linking business IT systems with physical Operational Technology networks.
• ICS/SCADA Architectures: Architectural mapping, security protocols, and device layouts involving PLCs, HMIs, and RTUs.
• Threat & Risk Analysis: Conducting quantitative cyber-physical risk assessments tailored for specialized industrial sectors.
• Industrial Network Hardening: Developing network segmentation strategies and defense-in-depth frameworks to minimize the attack surface.
• Anomalous Event Detection: Deploying specialized host-based mitigation tools and industrial intrusion detection systems (IDS).

Practical Component

Students gained practical experience using the university’s custom state-of-the-art testbed infrastructures to run simulated attack scenarios and build defensive automation pipelines.