Today’s technology is defined by two terms, information technology (IT) and operational technology (OT). IT is the use of hardware and software to create, store, transmit and retrieve data; it typically includes computers that can act as a server or client, networking devices that are used for routing the traffic, virtual software to reduce the need for hardware and applications to provide a front end to the client to perform various tasks.

On the other hand, OT is the use of hardware and software to detect, monitor or control the physical devices, processes, and events in an enterprise. OT is used primarily used in Industrial Control Systems (ICS) for manufacturing and automation. 

Companies using both IT and OT often fail to securely integrate them. In this article, we will have a look at how IT, which is a subsection of information systems, and ICS, which is a subsection of OT, are different from each other.

The differences between ICS and IT

1. Security objective

IT is more data-centric, where the key requirement is Confidentiality, Integrity and Availability (CIA). On the other hand, ICS is more concerned with Availability and Integrity. Confidentiality is the lowest priority.

Let’s consider an example for the above points:

Imagine an internet banking facility provided by a bank. It’s important to have confidentiality and integrity in net banking. An adversary sniffing or modifying the net banking traffic is a problem, but even if net banking is not available for a few minutes, loss is minimal.

Now, let’s imagine a power grid. Availability is the power grid’s key requirement, as a disruption in the power supply can have a huge impact on the entire grid’s consumers. Power disruption may directly impact IT operations as well, as IT uses electricity. It’s important to note that ICS (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Satyam Singh. Read the original post at: