There is described a digital agent for monitoring of cybersecurity-related events in an industrial control system, said digital agent being residable in a host and comprising: - a module for monitoring behavioral data of said host, such as violation of security policy, system usage metric, etc. - a module for recording behavior baseline of said host, such as operating system, operating system version, firewall status etc. - an agent state machine for monitoring the CPU load and/or memory usage of said host; and - an agent communication module for transmitting monitored data to an analysis unit external to the industrial control system. There is also discussed a cybersecurity system including an agent according to the invention, a method for operating an agent as well a computer program for executing the method.
展开▼