The presentation entitled "ICS Spear Phishing", given at the 2013 edition of Digital Bond’s Supervisory Control and Data Acquisition (SCADA) Security Scientific Symposium (S4), demonstrated that an attacker could employ a spear phishing attack to obtain rights to the accounts of Industrial Control System (ICS) administrators or technicians. Motivated by this announcement, this paper analyzes the definition, principle, and problem of spear phishing, which is a social engineering attack. Furthermore, it presents the need for countermeasures to the attack. Spear phishing attacks are gradually increasing, but the existing systems used in many organizations (e.g., e-mail filtering systems) cannot keep up with the trends followed by most attackers. Also, organizations have yet to establish adequate countermeasures to the problem of spear phishing, much less any standards for such countermeasures. There is an urgent need to accomplish these objectives because the attack is gradually evolving. In summary, this paper advocates awareness of the spear phishing threat and the implementation of countermeasures such as security education or simulation. In addition, it suggests how to carry out the simulation effectively and how to quantify the gathered data.