ICS Cyber Incidents Dashboard (2000-2025)

A 25-Year Chronicle of ICS Cyber Attacks

An interactive dashboard exploring the evolution of threats against critical infrastructure from 2000 to 2025.

Explore the Timeline

This timeline showcases the major Industrial Control System (ICS) cyber incidents over the last two and a half decades. Click on any event dot to view its detailed case study, including the who, what, where, when, why, and the crucial lessons learned. Use the charts and filters below to dynamically explore trends and patterns within this history.

Incidents by Target Sector

Incidents by Attributed Actor

Nation-State Tactic Comparison

This section breaks down the tactics used by different state-sponsored groups. While all pose a significant threat, their methods and objectives vary, from espionage and pre-positioning to outright disruption and destruction. Click on any incident name to view the full case study.

Applying Security Frameworks

Understanding past incidents is crucial, but applying that knowledge through established frameworks is how we build resilient defenses. Below is a look at how these events relate to the two cornerstone ICS security frameworks: ISA/IEC 62443 and MITRE ATT&CK® for ICS.

ISA/IEC 62443: Defense-in-Depth

The ISA/IEC 62443 series is the global standard for securing Industrial Automation and Control Systems (IACS). It’s not a checklist, but a lifecycle approach to risk management. Its core principle is “defense-in-depth,” creating multiple layers of defense through segmentation, access control, and policy.

The lessons from nearly every incident on this timeline directly reinforce 62443 concepts:

  • Zones & Conduits: The Shamoon attack proved the value of segmenting IT and OT networks, a foundational concept in 62443.
  • Authentication Control: The Colonial Pipeline shutdown was caused by a single compromised password, highlighting the standard’s strict requirements for robust authentication, including MFA.
  • System Integrity: Stuxnet’s success in modifying controller logic underscores the need for integrity checks and secure configurations as mandated by the standard.
  • Use Control: The Maroochy Water incident, caused by an insider, shows why least-privilege access and strong use controls are critical.

MITRE ATT&CK® for ICS: Adversary Tactics

This framework is a knowledge base of the specific tactics, techniques, and procedures (TTPs) adversaries use against ICS. It helps defenders understand *how* attacks unfold so they can prioritize detection and response. Click each tactic below to see real-world examples from the timeline.
