The cybersecurity awareness for OT systems has increased in the recent years with the number of increasing cyber events in the industry. OT systems were commissioned as standalone systems and installed in a physically secure environment protected by physical security controls such as fences and gates. Legacy control systems were operated only by onsite operators by manual operations. Modern OT systems provide more sophisticated features than legacy control systems with the recent requirements from system owners such as remote connectivity to control system environments or moving to interconnected digital systems. While these new requirements provide improved business and productivity, they also created a bridge to the air gaped connection between control system components and corporate networks. The new interconnected architectures and the integration with IT systems introduced new vulnerabilities and risks. The most important challenge while addressing the security solutions of OT systems is policy making mechanism are dominated by IT security professionals since the awareness of cybersecurity has increased in the IT systems many years before OT systems. In OT security systems, main focus is the physical processes while for IT security mostly focuses on the protection of information. Many Industrial Control Systems are built in an environment where availability is the most crucial criteria for operations. From cybersecurity point of view system defense and protection was not considered as a primary problem rather physical security was initial concern because of the safety perspective. Due to the fact that OT systems were not interconnected with corporate networks and internet, cybersecurity was not taken into account as an issue. Furthermore, control systems were implemented in a trusted environment. The vulnerabilities, cybersecurity and system requirements has changed in time with the industrial control system owner’s more complicated demands. More sophisticated IT functionalities, inter-connectivity with corporate networks, using standard IT network protocols, remote access and internet connection requirements introduced new vulnerabilities for OT systems. By considering the availability as a priority, exchanging countermeasures from physical security to protection strategies for traditional IT systems standards is challenging for OT Systems.
The cybersecurity awareness for OT systems has increased in the recent years with the number of increasing cyber events in the industry. OT systems were commissioned as standalone systems and installed in a physically secure environment protected by physical security controls such as fences and gates. Legacy control systems were operated only by onsite operators by manual operations. Modern OT systems provide more sophisticated features than legacy control systems with the recent requirements from system owners such as remote connectivity to control system environments or moving to interconnected digital systems. While these new requirements provide improved business and productivity, they also created a bridge to the air gaped connection between control system components and corporate networks. The new interconnected architectures and the integration with IT systems introduced new vulnerabilities and risks. The most important challenge while addressing the security solutions of OT systems is policy making mechanism are dominated by IT security professionals since the awareness of cybersecurity has increased in the IT systems many years before OT systems. In OT security systems, main focus is the physical processes while for IT security mostly focuses on the protection of information. Many Industrial Control Systems are built in an environment where availability is the most crucial criteria for operations. From cybersecurity point of view system defense and protection was not considered as a primary problem rather physical security was initial concern because of the safety perspective. Due to the fact that OT systems were not interconnected with corporate networks and internet, cybersecurity was not taken into account as an issue. Furthermore, control systems were implemented in a trusted environment. The vulnerabilities, cybersecurity and system requirements has changed in time with the industrial control system owner’s more complicated demands. More sophisticated IT functionalities, inter-connectivity with corporate networks, using standard IT network protocols, remote access and internet connection requirements introduced new vulnerabilities for OT systems. By considering the availability as a priority, exchanging countermeasures from physical security to protection strategies for traditional IT systems standards is challenging for OT Systems.
Bridging the Gap Between IT and OT Cybersecurity: A Taxonomy of Challenges, Defense Strategies and Solutions
BAL, SATI NUR
2023/2024
Abstract
The cybersecurity awareness for OT systems has increased in the recent years with the number of increasing cyber events in the industry. OT systems were commissioned as standalone systems and installed in a physically secure environment protected by physical security controls such as fences and gates. Legacy control systems were operated only by onsite operators by manual operations. Modern OT systems provide more sophisticated features than legacy control systems with the recent requirements from system owners such as remote connectivity to control system environments or moving to interconnected digital systems. While these new requirements provide improved business and productivity, they also created a bridge to the air gaped connection between control system components and corporate networks. The new interconnected architectures and the integration with IT systems introduced new vulnerabilities and risks. The most important challenge while addressing the security solutions of OT systems is policy making mechanism are dominated by IT security professionals since the awareness of cybersecurity has increased in the IT systems many years before OT systems. In OT security systems, main focus is the physical processes while for IT security mostly focuses on the protection of information. Many Industrial Control Systems are built in an environment where availability is the most crucial criteria for operations. From cybersecurity point of view system defense and protection was not considered as a primary problem rather physical security was initial concern because of the safety perspective. Due to the fact that OT systems were not interconnected with corporate networks and internet, cybersecurity was not taken into account as an issue. Furthermore, control systems were implemented in a trusted environment. The vulnerabilities, cybersecurity and system requirements has changed in time with the industrial control system owner’s more complicated demands. More sophisticated IT functionalities, inter-connectivity with corporate networks, using standard IT network protocols, remote access and internet connection requirements introduced new vulnerabilities for OT systems. By considering the availability as a priority, exchanging countermeasures from physical security to protection strategies for traditional IT systems standards is challenging for OT Systems.| File | Dimensione | Formato | |
|---|---|---|---|
|
BAL_SATI_NUR.pdf
accesso riservato
Dimensione
1.17 MB
Formato
Adobe PDF
|
1.17 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License
https://hdl.handle.net/20.500.12608/62419