In the past process control systems were based on manufacturer specific hard and software components that were not standardized and on the whole they were not networked. From today's perspective these systems were comparatively secure.

Since then new IT technology has been introduced in the automation technology industry to allow better information networking but this has also led to acceptance of security vulnerabilities e.g. because of 

• Increasing decentralization of automation functions  
• Increasingly open windows based systems
• LAN- networking in the field
• Increased use of internet based services (e.g. remote maintenance)
• Growing use of heterogeneous systems over the years
• Problems of software patches  
• The networking of business IT with production IT  

Additionally there are external threats from cyber attacks which according to experts are at least doubling in number every year. It is estimated that there are more than 3000 attacks on automation technology networks every year.

There are also internal threats from unintentional or intentional human actions which can cause damages (interfaces with laptops, USB sticks, errors from application programming or system administration).