WIBU-SYSTEMS

Cybersecurity and Trustworthiness in IT/OT

Marketing WIBU-SYSTEMS AG on October 30, 2019 at 2:08 PM

Earlier this year, ARC Advisory Group, in conjunction with Kaspersky Labs, conducted a survey on the State of Cybersecurity of Industrial Control Systems (ICS) as well as the priorities, concerns, and challenges it brings for industrial organizations. Survey participants were split nearly equally between Operational Technology (OT) and Information Technology (IT) professionals.

Not surprisingly, nearly 80% of the companies surveyed stated that OT/ICS cybersecurity was a high priority and felt the need to invest in more resources, in both systems and ICS staff experts, to adequately address the necessary protection mechanisms. When asked to rank their concerns around an ICS cybersecurity incident, respondents primarily cited the health and safety of their employees (78%), as well as possible damage to the quality of their products or services (77%) as major worries, should the worst happen. The loss of customer confidence (63%) and possible damage to equipment (52%) were also rated as significant concerns.

While there was much data to absorb in the report, one particular point of interest for me was the relationship between OT and IT. Nearly 80% of companies surveyed regarded the growing interconnectedness of OT and IT as a challenge, mainly as a result of the digitalization of OT (industrial networks in particular), which can expose industrial systems and devices that might not be adequately protected to cyberthreats. IT and OT teams often have different security priorities and different goals for maintenance and improvement of their systems. In addition, cultural differences and the lack of communication between departments can exacerbate the problem.

In just the past few years, the convergence of IT and OT has become a well-worn topic of discussion, as there have been a few bumps in the road along the way. Let’s take a brief historical perspective and introduce the notion of “trustworthiness” and how it can serve to smooth the path towards convergence.

OT has been used for many years to implement complex technical processes in industries such as energy generation and delivery, oil/gas, production, transportation and others. OT systems were rarely connected to the Internet as their security capabilities were unable to withstand hacker attacks. As a result, OT systems were unable to take advantage of the benefits of cyber-connected systems, such as remote access and administration, centralized data collection and analysis, or cloud-based access to information for process automation, e.g., automatic access to weather forecasts to optimize commercial energy usage.

In the past 20 years, IT learned how to safely connect to the Internet, but only after experiencing increasingly frequent security issues and cyber-attacks. Today, we have IT systems capable of remotely accessing all types of private or public information and executing complex operations, such as Software as a Service (SaaS). However, IT systems are still not ready to handle the high security demands of OT systems.

The convergence of IT and OT is required to successfully implement Industrial IoT systems, but the challenges for such a confluence are high, as noted in the ARC survey: both sides have significantly different priorities, system models, and terminology.

Let’s look at the term Trustworthiness – a paradigm put forth by the National Institute of Standards and Technology (NIST) and the Industrial Internet Consortium (IIC) to address the key system characteristics of cyber-connected IIoT systems. The IIC defines trustworthiness as the degree of confidence one has that a system performs as expected, characterized by 5 key elements: the degree of safety, security, privacy, reliability, and resilience in the face of environmental disruptions, human errors, system faults and attacks.

Trustworthiness is a trait used for years to define the characteristics of both IT and OT systems. For IT, trustworthiness mainly addresses security, reliability, privacy and resiliency, while safety is a lower priority. On the other hand, trustworthiness for OT mainly addresses safety, reliability and resilience. Security is only marginally addressed and privacy is out of any OT scope. Addressing the missing key system characteristics in both IT and OT systems and focusing on the five key characteristics of the IIoT trustworthiness paradigm will solve many IT/OT convergence problems, especially concerning security, safety, and privacy.

If you are interested in taking a more in-depth look at the characteristics of Trustworthiness with regard to the IIoT, the September 2018 edition of the IIC’s Journal of Innovation features nine articles highlighting different aspects of Trustworthiness, including a short introduction and an article on Trustworthiness in Industrial System Design by me.
