The Future Of Industrial Cyber Security - Operational Technology Vs Cyber Physical.
The reverse is also true, components need be resilient, what happens if a nail was penetrated through the plants wires by a rouge contractor? Here, CIA should also be applied at a component level, so if mechanical components fail then how should the OT environment expect to react? It’s very different to a DLP alert that’s triggered when someone sends out sensitive data in your office network. Cyber security principals remain valid, just with a different mindset, within IT, a ddos attack is seen differently in an OT environment, if that nail did strike, then how is the pressure in the pipes monitored? What counter measures can be automated? to what extent? Perhaps an IPS would not be applicable as having false positives is far more impactful, you cant just 'tune it out’ like in most common cyber security systems.
The 7 layers of OSI (a.k.a the Internet) are just foundational considerations within plant environments, where only some sensor elements loop back for field data to trigger intelligent alerts, of course the field sensors would have to give the deterministic details required (it's not plug n play yet). In fact, OT environments have their own layers that allow convergence to take place explained Peter, this adds to the vulnerability identification challenge.
The way traditional cyber security looks at vulnerability is more augmented with OT, and as we move to industry 4.0 all industries are converging base technologies which means more possible vulnerability combinations and brand new risk models to be made aware of, like, oil or water plants need greater physical controls which is different to IT that typically has assets as 'information', whilst in OT, the asset is 'functional' likes plants, human security or component security.
The future of Industrial cyber security is going to create a lot of innovative technologies as traditional utility infrastructures are also now going to have to treat our smart-homes as field end devices?
The webinar and Peter's full profile is available on demand here.
The IET Digital Library has many journals on the topic of Cyber Physical Systems found here.