"This document serves as an appendix to the 'Seven Steps to Defend Industrial Control Systems' document, providing additional conceptual-level guidance on implementing application whitelisting. Application Whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries. The static nature of some industrial control system (ICS) components, such as database servers and human-machine interfaces, makes these ideal candidates to run AWL. Operators are thus encouraged to work with vendors to baseline and calibrate AWL deployments."
Industrial Control Systems Cyber Emergency Response Team: https://ics-cert.us-cert.gov/