Editor's Choice
Analytical Instrumentation & Environmental Monitoring
Data Acquisition & Telemetry
Electrical Power & Protection
Enclosures, Cabling & Connectors
Fieldbus & Industrial Networking
Flow Measurement & Control
Industrial Computer Hardware
Industrial Wireless
IS & Ex
IT in Manufacturing
Level Measurement & Control
Maintenance, Test & Measurement, Calibration
Mass Measurement
Motion Control & Drives
News
Operator Interfaces, Switches & Relays
PLCs, DCSs & Controllers
Pneumatics & Hydraulics
Pressure Measurement & Control
SAIMC
SCADA/HMI
Sensors & Transducers
Smart Home Automation
System Integration & Control Systems Design
Temperature Measurement
Training & Education
Valves, Actuators & Pump Control


Editor's Choice



Print this page printer friendly version

Cybersecurity for operational technology: Part 4: Practical recommendations to reduce cybersecurity risks for OT systems

November 2021 Editor's Choice

According to the latest report from Clatory, it is critical that defenders understand the attack vectors threat actors may take to compromise industrial networks. Having proper visibility into potential weak spots helps organisations prioritise patching and other risk management activities[1]. It is therefore essential that IT professionals can clearly articulate cybersecurity risks to management. According to the World Economic Forum: “The board as a whole takes ultimate responsibility for oversight of cyber risk and resilience”. This means developing a command of the subject[2].

The first step is to adopt a best practice cybersecurity framework, which provides an holistic view of what is needed and will establish your organisation’s current level of maturity and provide a prioritised risk-based roadmap for improvement going forward. This roadmap is like a nautical chart. Without one, an organisation is adrift in the cyber-sea, without knowing where they are or where they are going. This increases the chances of panic when an incident occurs.

Figure 1 illustrates the key steps and processes required. A comprehensive security assessment is performed against a best-of-breed security framework, generating a prioritised, actionable security roadmap.

Table 1 lists some examples of best practice frameworks.

Care needs to be taken when selecting frameworks as industrial control systems (ICS) have different performance, availability and equipment lifetime requirements to IT systems. It is difficult to apply traditional cybersecurity controls to ICS systems, since they are often a combination of legacy and newer systems.

Often, a single security product or technology cannot adequately protect an ICS. The benefit of a best practice framework is that the IT and ICS components in the business will be evaluated holistically. Defences need to be based on a combination of effective security policies and a properly configured set of cybersecurity controls. This includes the organisation and operations. Figure 2 shows a big picture view of all the areas that need to be addressed.

Table 2 shows an overview of some recommendations mapped to the NIST Cybersecurity Framework specific to ICS environments.

Note: The final step ‘Recovery’ has been left out due to space constraints. Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to cybersecurity. I will cover this in a future article.

One of the best ways to demonstrate commitment to reducing cybersecurity risk is to work towards a recognised security certification of your environment. This will provide stakeholder assurance that reasonable steps have been taken to mitigate cyber threats. One of the best frameworks is ISO 27001, which can be assessed locally by the BSI (British Standard Institution)[8] with assistance from cybersecurity professionals such as Wolfpack[9].

References

[1]Claroty, 2021 Claroty biannual ICS risk & vulnerability report: 1h 2021, https://claroty.com/annual-report/

[2]W.E.F, 2017 Advancing Cyber Resilience Principles and Tools for Boards https://www.weforum.org/whitepapers/advancing-cyber-resilience-principles-and-tools-for-boards

[3]https://www.nist.gov/cyberframework

[4]https://www.iso.org/isoiec-27001-information-security.html

[5]https://www.bsigroup.com/en-ZA/ISOIEC-27001-Information-Security/

[6]https://www.cisecurity.org/

[7]https://www.iec.ch/blog/understanding-iec-62443

[8]https://www.bsigroup.com/en-ZA/

[9]https://wolfpackrisk.com/

About Bryan Baxter


Bryan Baxter.

Bryan Baxter has been in the IT Industry since 1992 in various roles before recently joining Wolfpack Information Risk. He has helped customers successfully manage and deliver IT infrastructures to around 7000 users in several countries, where, of course, the recurring theme has been keeping customers secure from cybersecurity threats. For more information contact Bryan Baxter, Wolfpack Information Risk, +27 82 568 7291, [email protected], www.wolfpackrisk.com


Credit(s)

Tel: +27 11 794 7322
Email: [email protected]
www: www.wolfpackrisk.com
Articles: More information and articles about Wolfpack Information Risk


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Time-sensitive networking
RJ Connect Editor's Choice Fieldbus & Industrial Networking
In this article, we will explore what is driving the rise of time-sensitive networking, how it is reshaping industrial efficiency, the challenges when deploying this technology, and ways to tackle these challenges.

Read more...
Loop Signature 30: Nonlinearity in control loops (Part 1)
Michael Brown Control Engineering Editor's Choice Fieldbus & Industrial Networking
If nonlinearity occurs it means that if one is to carry on controlling with the same response to changes in load or setpoint, then the tuning of the controller will also need to be adjusted to meet the new conditions.

Read more...
Precision in paper processing
VEGA Controls SA Editor's Choice Level Measurement & Control
Paper manufacturing is a demanding process that relies on consistency, precision and control at every stage. The VEGABAR 82 pressure transmitter is well-suited to these harsh environments.

Read more...
Ensuring clean and safe water
Endress+Hauser South Africa Editor's Choice Analytical Instrumentation & Environmental Monitoring
Endress+Hauser’s comprehensive range of disinfection sensors is designed to monitor and control disinfectant levels in water treatment processes.

Read more...
A South African legacy in telemetry
Interlynx-SA Editor's Choice Industrial Wireless
Telemetry is becoming a vital component of industrial strategy, allowing companies to harness real-time data to optimise processes and reduce waste. One company leading this technological shift is Interlynx.

Read more...
Case History 199: Another example of the effectiveness of cascade control
Michael Brown Control Engineering Editor's Choice Fieldbus & Industrial Networking
In my last article I wrote about how cascade control systems can effectively overcome valve problems. This article gives another example of how a temperature control was able to perform well, in spite of really severe valve problems.

Read more...
Upgrading legacy automation
Omron Electronics Editor's Choice Fieldbus & Industrial Networking
Legacy automation is characterised by technology in the later stages of its useful life. As new automation technologies continue to emerge and interconnect at an exponential rate, failing to integrate these technologies can widen the gap between the competitive and the obsolete.

Read more...
Planetary gear units for high torque requirements
SEW-EURODRIVE Editor's Choice Motion Control & Drives
Packing a compact design, along with high torque and low-speed outputs, the new SEW PPK and SEW P2.e planetary gear units from SEW-EURODRIVE offer new capabilities in continuous heavy-duty applications where space is at a premium.

Read more...
These robots crawl into every nook and cranny
DNH Tradeserve t/a DNH Technologies Editor's Choice Motion Control & Drives
Inuktun's small crawler robot magnetically sticks to metal walls and is able to move in all directions. It carries cameras, sensors and tools for inspection or maintenance work in tight pipes and on the outer hulls of tanks or ships. All crawler modules and cameras are equipped with brushed DC motors from Swiss drive specialist, maxon using various motor-gearhead combinations.

Read more...
Swiss watchmaking meets hypercar power
Horne Technologies Editor's Choice
The display of Bugatti’s upcoming luxury model, Tourbillon will be something truly special. Instead of a digital version, the driver will see a genuine Swiss timepiece behind the steering wheel.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  Hi-Tech Security Solutions
»  Hi-Tech Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd | All Rights Reserved