In this chapter we covered an array of best practice and recommended physical controls that secure every aspect of an ICS facility, and its surroundings. During a security assessment, these recommended controls are compared against the currently implemented controls; the discrepancies show gaps in the security posture for the assessed ICS. Note that not every recommended control is necessary or even applicable to every ICS. Some ICSes might require even more stringent controls. What this chapter showed are the most common controls.
In the next chapter, we leave the physical realm and move on to securing the intangible aspects of the ICS network and its attached devices.