introduction to #OT cybersecurity for O&M teams.pdf

The document discusses cyber security challenges for industrial control systems (ICS) and SCADA networks. As ICS were connected to networks and the internet, it increased opportunities for remote hacking and destruction. The disconnect between traditional IT security practices and operational needs of ICS led to vulnerabilities. Common security strategies like network isolation are no longer effective due to widespread connectivity. Recent attacks have shown that hackers can compromise ICS equipment directly and cause physical damage. The document argues industry must adopt new security technologies and policies tailored for ICS in order to address growing threats.

This paper deals with the inevitable consequence of the convenience and efficiency we benefit from the open, networked control system operation of safety-critical applications: vulnerability to such system from cyber-attacks. Even with numerous metrics and methods for intrusion detection and mitigation strategy, a complete detection and deterrence of internal code flaws and outside cyber-attacks has not been found and would not be found anytime soon. Considering the ever incompleteness of detection and prevention and the impact and consequence of mal-functions of the safety-critical operations caused by cyber incidents, this paper proposes a new computer control system architecture which assures resiliency even under compromised situations. The proposed architecture is centered on diversification of hardware systems and unidirectional communication from the proposed system in alerting suspicious activities to upper layers. This paper details the architectural structure of the proposed cyber defensive computer control system architecture for power substation applications and its validation in lab experimentation and on a cybersecurity testbed.

The document discusses standards for cybersecurity in the energy sector. It notes that threats are increasing as energy infrastructure becomes more connected and data-driven. The document outlines some key cybersecurity standards for the energy industry including NERC CIP, IEEE1686, and IEC 62351. It maps these standards based on their level of technical detail and completeness. The document also discusses best practices for cybersecurity including technological and operational controls and how standards relate to controls for protection, detection and response.

Computer systems face security risks like trespassing, theft, alteration of information, and cyber crimes. To address these concerns, organizations must implement security measures to protect their data and systems. These include physical security of computer hardware, restricting access to data and software, using passwords and access codes, conducting security audits, and keeping backup files in secure locations away from the main system. Proper security controls and regular reviews are needed to safeguard computer systems and information from damage or unauthorized access.

SCADA systems control some of the most vital infrastructure in industrial and energy sectors, from oil and gas pipelines to nuclear facilities to water treatment plants. Critical infrastructure is defined as the physical and IT assets, networks and services that if disrupted or destroyed would have a serious impact on the health, security, or economic wellbeing of citizens and the efficient functioning of a country’s government.

This document provides an overview of threats to industrial control systems (ICS) in 2015-2016. It finds that ICS incidents increased significantly, with 295 reported in 2015 alone. The main targets were critical manufacturing, energy, water and dams, and transportation systems. Nation-states, cybercriminals, and insiders engaged in attacks that disrupted operations and in some cases caused physical damage. Going forward, the threats are expected to grow as adversaries develop new tactics like ransomware targeting ICS and insider threats continue to be a problem. Organizations must take steps to strengthen ICS security through measures like secure network architecture and incident response planning.

Security incidents rise at an alarming rate each year. As the complexity of the threats increases, so do the security measures required to protect industrial networks. Plant operations personnel need to understand security basics as plant processes integrate with outside networks. This paper reviews network security fundamentals, with an emphasis on firewalls specific to industry applications. The variety of firewalls is defined, explained, and compared.

The document analyzes how the Stuxnet worm could spread from an infected computer on a corporate network to compromise an isolated industrial control system (ICS) following best security practices. It describes a hypothetical high-security ICS site and proposes several pathways Stuxnet could use to migrate internally and sabotage the system. Key findings include that completely preventing infection is impossible and ICS security must focus on containment, segmentation, diversity, and improving security culture.

This document provides an overview of cyber security challenges for industrial control systems (ICS) and introduces Darktrace's Industrial Immune System as an innovative solution. The key points are: 1) ICS networks face growing threats as they increasingly connect to corporate IT networks and the internet, but existing defenses like firewalls are inadequate. Attacks have caused damage at facilities like power plants and a German steel mill. 2) Darktrace's system implements a real-time "immune system" that analyzes network behavior to establish a baseline and detect anomalies, allowing threats to be identified early before they cause disruption. 3) Unlike rule-based systems, Darktrace adapts over time and can detect "unknown unknown"