web analytics

CYBERSECURITY Improvements Needed in Addressing Risks to Operational Technology

Rate this post

The National Institute of Standards and Technology (NIST) describes OT as a broad range of programmable systems and devices that interact with the physical environment (or manage devices that interact with the physical environment).13 These systems and devices detect or cause a direct change through monitoring and/or control of devices, processes, and events. Figure 1 shows the key components of an OT system using a pipeline system as an illustrative example.

According to NIST, examples of OT include supervisory control and data acquisition systems, distributed control systems, and building automation systems.

  • Supervisory control and data acquisition systems are used to control dispersed assets where centralized data acquisition is as important as control. These systems are used in distribution systems such as water distribution and wastewater collection systems, oil and natural gas pipelines, electrical utility transmission and distribution systems, and rail and other public transportation systems.
  • Distributed control systems are used to control production systems within the same geographic location for industries such as oil refineries, water and wastewater treatment, electric power generation, chemical manufacturing, automotive production, and pharmaceutical processing.
  • Building automation systems are a type of OT used to control many systems used in a building, including heating, ventilation, and air conditioning; fire; electrical; lighting; physical access control; physical security; and other utility systems.

Because there are many types of OT systems and devices and they are often unique to a particular process or environment, staff responsible for managing and securing OT often require specialized knowledge, skills, and abilities. Relatedly, staff with IT knowledge and expertise often lack knowledge and experience with OT. The President’s National Security Telecommunications Advisory Committee explained that IT cybersecurity professionals are educated and trained to deal with data confidentiality, integrity, and availability of systems that focus on user interaction within an environment.14 By contrast, the advisory committee noted that OT professionals focus on physical processes’ availability, safety, and reliability in systems that use machine-to-machine communications within the environment. As a result, the advisory committee concluded these IT and OT professionals possess vastly different skills and functions and historically had little interaction.

Views: 1


advisor pick´S post

More Latest Published Posts