Much of what’s here I advocated in my previous professional life:

A SCADA environment (Supervisory Control and Data Acquisition) is unlike a conventional IT network in that it provides interconnectedness between industrial systems such as robots, valves, thermal or chemical sensors, command and control systems and HMI (Human Machine Interface) systems, rather than desktops. These environments monitor, manage and administer critical infrastructures in various fields such as transport, nuclear, electricity, gas, water, etc.

Historically, these SCADA control systems have used a dedicated set of communication protocols but as technology and industrial architectures have evolved, these same industrial systems are all interconnected via a conventional IP network. The problem of course is not the use of the conventional IP but rather potentially vulnerable environments such as an unpatched Windows operating system on an HMI platform. Reducing down time is sometimes justification enough to postpone patching on these systems, making SCADA environments potential targets for cybercriminals.

via Fortinet Blog | News and Threat Research Security 101: Securing SCADA Environments.

Read on for their recommendations.