Automation, process control, and I&C systems, all referred to by the blanket term Industrial Control Systems (ICS), are used in almost all infrastructures that handle physical processes, from power generation and distribution, to gas and water supplies, to production, traffic guidance systems, and modern building management. In this fields, aspects of cyber security have been handled with low priority or even neglected for decades. Facing an increasing number of incidents and vulnerabilities, operators of such equipment have no choice but to accept this challenge now. The risk and potential for damage caused by non-targeted malware as well as by specific attacks against ICS infrastructures that are executed in a targeted manner, more competently, and with considerable effort, have to be considered in these efforts. This stands true for all infrastructures, no matter if they are directly connected to the internet or indirectly accessible by cyber attacks.