Navigating ICS Security: Knowing the Basics
As we begin our new decade of the 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what about the technology that we don’t see, that gives us clean drinking water, removes wastewater, and keeps our homes warm? Industrial Control Systems (ICS) are often considered a part of the Critical National Infrastructure (CNI). CNI is generally classified as assets needed to keep our society and economy running as we expect, our normal.
How Well Are ICSs Protected Regarding Cyber Security?
It depends on what side of the security triad you’re looking at. Is operational technology (or OT) highly available? Yes, traditionally OT was designed, purpose built even in some situations, to remain online at all costs. Confidentiality or Integrity on the other hand, these weren’t a massive part of the conception. However, in fairness, the assets on an OT network aren’t like what we have over on the IT side of things.
Considering OT and IT work separately, you might think there’s little overlap in the real world, if so you would be wrong. Over the last thirty years there has been a consistent trend to connect these two worlds. You may have heard of the Purdue Model developed in 1990, which was created in an attempt to classify the different domains of management for physical processes.
Businesses are formed around risks, budget, and the responsibilities of teams. Often times risks when it comes to cybersecurity aren’t well understood, and therefore the budget doesn’t effectively reflect this. There are the known challenges of defining clear roles and responsibilities when (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/navigating-ics-security-basics/