With the prevalence of information and communications technology, industrial control systems used by critical infrastructures are increasingly exposed to cyberattacks. This paper provides an overview of the security characteristics of industrial control systems, focused on major cyberattacks and essential security measures as well as how to perform cybersecurity risk management. The paper also addresses the roles and responsibilities of the government in protecting critical infrastructures and enhancing cybersecurity.