With ICSs, we are in a very uneven battle. ICSs were not made to be cyber secure and often cannot be upgraded to provide what many in the cyber security community would consider to be a minimal level of protection. On the other hand, the hackers are dedicated to finding and exploiting vulnerabilities and have been given access to the latest zero-day exploits. As I believe it is a losing battle to secure ICSs, we need to be able to detect cyber attacks that affect operational system performance and we need to have a resilience/recovery plan.