Electricity + Control November 2017

CONTROL SYSTEMS + AUTOMATION

public and private organisations and other entities with a role in securing the national infrastructure. Members of each critical infrastructure sector perform functions that are supported by IT and OT including ICSs. The OT and IT are increasingly advanced, pervasive and connected. This reliance on technology, communication, and the intercon- nectivity of IT and ICS has changed and expanded the potential vulnerabilities and increased poten- tial risks to operations. While IT/OT convergence offers many benefits, it also increases the connec- tivity and criticality of these systems and creates a greater need for ICS adaptability, resilience, safety, and security. Nowadays, industrial organisations globally take safety seriously and have reduced cybersecurity risks for people. But as the world rapidly connects devices and machines, it is time to assess cybersecurity weaknesses as the first step toward ensuring better protection of people, information, technology, and facilities. Safety must be job one! Securing OT, ICS and IT environments Securing an OT and ICS environment is signifi- cantly different from securing a traditional IT en- vironment. What we are securing is different, and how we are securing it is different. Although some characteristics are similar, ICS has characteris- tics that differ from traditional IT systems. Many of these differences come from the fact that ICS has a direct effect on the physical world. Some of these characteristics include significant risk to the health and safety of human lives and serious damage to the environment, as well as serious is- sues such as production losses, negative impact to a national economy, and compromise of pro-

transportation, oil and gas and chemical, all rely on ICSs to supervise and control their key process- es. As industries lean towards pervasive process automation and maintenance-free operations, the role of ICSs in these sectors is even greater. Digital transformation changed the ICS envi- ronment from proprietary and isolated systems to open architectures and standard technologies. This move towards connecting ICS and IT environ- ments (IT/OT convergence) results in an increased attack surface exposing the critical functions to higher cybersecurity risks. The priority of ICS se- curity results from the great impact on national critical functions. The interconnection of critical Infrastructure across the continent, or a particu- lar country, may result in a cascading effect in the case of a successful cybersecurity attack. With new, open technologies and communication pro- tocols, ICSs are increasingly vulnerable to attack, disruption and damage. Nowadays, organisations are facing increased IT/ OT convergence and operational models that often require remote network access. The critical infra- structure demands high quality, real-time informa- tion to make more accurate business decisions. With Fourth Industrial Revolution (Industry 4.0) and Industrial Internet of Things (IIoT) that promise new opportunities for cost savings and operational improvements, ICS and IT systems will be com- pletely interconnected. The result of this dynamic change in the industry is that availability, reliabili- ty, integrity, safety and security of ICSs, networks and devices can no longer be taken for granted. As ICSs are adopting IT solutions to promote corporate connectivity and remote access capa- bilities, and are being designed and implemented using IT standard computers, Operating Systems (OSs) and network protocols, they are starting to resemble IT systems. This integration supports new operational capabilities, but it provides sig- nificantly less isolation for ICSs from the outside world than predecessor systems, creating a great- er need to secure these systems. A rapidly increas- ing number of incidents in the ICS domain, many of which are confirmed or believed to result from cybersecurity attacks, reveals the vulnerability and fragility of this area and highlights the importance of continuous improvement of ICS cybersecurity. The critical infrastructure community includes ICS cybersecurity in the converging IT/ OT environment

Take Note!

Operational Technology and Industrial Control Systems (ICSs) are the fundamental compo- nents of national criti- cal infrastructure in any country. With Industry 4.0 and IIoT – and the promise of new opportunities for cost savings and oper- ational improvements, ICS and IT systems will be completely intercon- nected. The result of this dynam- ic change in the industry is that availability, reli- ability, integrity, safety and security of ICSs, networks and devices can no longer be taken for granted.

1

2

3

prietary information. ICSs have unique performance and reliability requirements and often use op- erating systems and applications that may be considered uncon- ventional to typical IT personnel. Furthermore, the goals of safety and efficiency sometimes conflict with security in the design and op- eration of ICSs.

Cybersecurity threats are placing national security, economy, public safety and health at risk … like never before.

Attack on IT – attack on OT An attack on IT could lead to information theft, but an attack on OT could affect the physical world (people, technology, environment, facilities). It is a serious distinction. IT cybersecurity focuses on

Electricity + Control

NOVEMBER 2017

5