ANSWERS
IT FOR OT AUTOMATION Steven Seiden, Leighton Johnson, Dr. Tony Barber, Acquired Data Solutions; Djenana Campara, KDM Analytics.
Cybersecurity, IT and OT Information technology strategies can help combat new cybersecurity vulnerabilities and deploy a solid cybersecurity program for operational technology use for industrial control systems, RTUs and SCADA, as IIoT deployments increase.
E
xploitation of resources has been a concern to mission operations since the dawn of the industrial age. Cybersecurity concerns have increased, as well. With advancement of information technology (IT), opportunities to compromise, corrupt, and disable networks and systems has exponentially grown, creating new development of malicious mechanisms. Although the first cybersecurity patent was registered in the early 1980s, the enablement of business needs and protecting mission operations are increasing priorities for national security and intelligence agencies. Cybersecurity within IT has seen exponential growth over the last three decades, but security of traditionally standalone, non-connected systems in the operational technology (OT) space continue to lag behind due to the independent nature of their functionality. OT systems include KEYWORDS: Industrial industrial control systems (ICSs) such as supercybersecurity, IT/OT visory control and data acquisition (SCADA) convergence systems, distributed control systems (DCSs), Understand the summer remote terminal units (RTUs), and program2020 cybersecurity advisory, mable logic controllers (PLCs). With the onset risks, infrastructure of the Internet of Things (IoT) as applied to See cybersecurity risks OT, the Industrial IoT (IIoT), more attention and rewards of integrated IT
M More ANSWERS
and OT. Review risk management modeling, automation, tools
has been given to cybersecurity. During the past decade, there has been a major increase in the demand for connected OT utilization with multiple deployments of advanced technologies requiring connectivity for operations and equipment maintenance. Using IT-enabled OT systems and components increases vulnerabilities, due to the convergence of IT and OT, have exposed new opportunities for cyber-attacks.
Summer 2020 cybersecurity advisory
In July 2020, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) alerted U.S. corporations to take immediate actions to reduce vulnerabilities and exposure across all OT and ICSs. The advisory, “NSA and CISA Recommend Immediate Actions to Reduce Exposure Across all Operational Technologies and Control Systems,” (U/OO/154383-20 | PP-20-0622 | July 2020 Rev 1.0), stated: “Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against Critical Infrastructure (CI) by exploiting Internet- accessible OT
CONSIDER THIS Has your IT/ OT cybersecurity risk management advanced to meet the needs of advanced automation and IIoT?
ONLINE If reading from the digital edition, click on the headline for more resources. www.controleng.com/ magazine www.controleng. com/networkingand-security/ cybersecurity
22
•
Figure 1: The standard approach to modeling risk within operational technology (OT), according to NIST, which defines risk as “risk is a function of the likelihood of a threat event’s occurrence and potential adverse impact should the event occur.” Courtesy: NIST via Acquired Data Solutions and KDM Analytics
December 2020
control engineering
www.controleng.com
