WHAT IS A CPS?
As defined by Gartner®, cyber-physical systems (CPS) are “engineered systems that orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). When secure, they enable safe, real-time, reliable, resilient and adaptable performance.”
The term CPS encompasses the operational technology (OT) assets, building management system (BMS) equipment, internet of medical things (IoMT) devices, and other types of both legacy and modernized connected assets that underpin operations across critical infrastructure sectors. Key examples of CPS include patient monitoring systems and infusion pumps in hospitals, programmable logic controllers (PLCs) and engineering workstations at manufacturing plants, and connected HVAC systems and elevators within intelligent buildings, among many others.
THE CURRENT STATE OF CPS SECURITY
The current state of CPS security reflects changes to traditional security approaches in protecting cyber-physical systems. This reality has grown clearer and clearer over the past decade as the interconnectivity, variety, and prevalence of CPS in industrial environments have rapidly expanded.
Historically, the security priorities of industrial environments were largely limited to ensuring that OT assets remained air-gapped.
Today, however, it is commonplace for industrial environments to be intertwined with their IT counterparts and the Internet. This norm is the product of digital transformation — particularly, the explosion of IoT, IIoT, IoMT, BMS, and other types of CPS that organizations are increasingly implementing both alongside and in place of their legacy OT assets and traditional medical devices. These conditions have given rise to a vast, diverse, and everexpanding web of cyber-physical connectivity: otherwise known as the Extended Internet of Things (XIoT).
The benefits of the XIoT are undeniable — from efficiency, to innovation, to sustainability — but it is also exposing critical industrial environments to cyber threats. Case in point is the scourge of ransomware and other destructive cyber attacks affecting CPS in recent years. Unfortunately, the connectivity such attacks exploit is growing at a rate that continues to outpace efforts to secure it. And, with Industry 5.0 on the horizon and once-futuristic technologies like edge computing and autonomous systems approaching mainstream, the risks are worsening.
For security leaders responsible for protecting their organization’s CPS environment amid these conditions, the challenges are complex and seemingly countless. Key considerations include:
Views: 2