SL 1

SL 1 is a cybersecurity security level commonly used in industrial control system standards to describe protection against casual or accidental misuse, rather than deliberate, well-resourced attacks.

Core meaning

In industrial and OT cybersecurity, Security Level 1 (SL 1) usually refers to the lowest defined level of protection in a multi-level scheme (often SL 1 through SL 4). It typically includes:

• Basic user authentication (for example, unique logins, simple password policies)
• Foundational network protections (for example, simple firewalls or access lists)
• Basic hardening and configuration control (for example, disabling unused accounts or services)
• Protections mainly aimed at preventing inadvertent changes and casual probing

SL 1 generally assumes that an attacker has limited motivation, limited skills, and limited resources. It is not intended to address targeted, sophisticated, or persistent cyber attacks.

Use in industrial and regulated environments

In regulated manufacturing and critical infrastructure, SL 1 is often applied to:

• Non-safety-critical support systems that still connect to OT networks
• Legacy equipment that cannot be upgraded to higher security levels
• Zones where risk assessments show low impact to safety, quality, or regulatory outcomes

Risk-based architectures may mix different SLs across zones and conduits. Some systems or zones may appropriately target SL 1, while others require SL 2, SL 3, or higher, depending on criticality and risk.

Relationship to standards

Security levels, including SL 1, are commonly associated with industrial cybersecurity frameworks and standards. These schemes define capability requirements for each level in areas such as access control, data integrity, system availability, and change management. The detailed criteria vary by standard, but the intent of SL 1 remains a baseline of protection against non-targeted threats.

Operational implications

In practice, specifying SL 1 for a system or zone typically means:

• Documenting the target security level in design and risk assessments
• Implementing minimum controls aligned with that level
• Recognizing that the system is not designed to withstand focused, skilled attackers

For OT, MES, and integrated IT/OT systems, SL 1 serves as a reference point for scoping security controls and for explaining why some systems should not be expected to meet higher levels such as SL 3 or SL 4.

Common confusion

• Not the same as “no security”: SL 1 includes basic, documented protections and is more than an unmanaged or open system.
• Not a maturity level: SL 1 describes targeted technical capability against defined threat types, not organizational process maturity.
• Not universally required: Some assets may intentionally remain outside formal SL classification, depending on risk and architecture.

Tie to the risk-based context

When deciding whether a system should aim for SL 1, SL 2, or higher, organizations typically consider:

• Impact on safety, product quality, and regulatory compliance if compromised
• Feasibility of implementing stronger controls on existing OT and legacy equipment
• Availability of compensating controls at the network or procedural level

Within a risk-based security program, SL 1 is a deliberate design choice for low-risk environments, rather than a default for all systems.