ICS Cybersecurity: Establishing cyber-protection at Levels 1 and 0 and why it matters
Title: ICS/OT Cybersecurity: Establishing cyber-protection at Purdue Model Levels 1 and 0 and why it matters
A new type of industrial control system (ICS) / operational technology (OT) cybersecurity is emerging, one that assumes a determined adversary will gain access to the OT network. Under this paradigm, the priority is cyber resiliency.
When today’s adversaries breach the business network and subsequent segments, what is protecting the control systems managing physical processes from manipulation or disruption? With potentially catastrophic impacts on the business, employees, environment, and beyond, what is protecting the operation’s critical processes? Traditional ICS cybersecurity says to protect control systems by layering barriers to keep adversaries at bay. But what happens when those barriers fail?
Level 0 in the OT network is the last line of defense. Protecting Level 0—field devices controlling physical processes like temperature, pressure, flow, and speed—should be at the core of any industrial cybersecurity approach. Three questions must be addressed to protect physical processes and ensure operational resiliency:
A decade ago, we’d point to the control and safety systems to answer those questions. Today, we’ve seen both attacked, and both fail to operate as intended. Comparative analysis and change detection between digital command and control signals (operator activity; Ethernet, TCP/IP, or serial) and raw physical analog signals (physical component activity; 24 VDC, 4-20 mA), combined with system awareness at the network traffic level, give operators unprecedented insight into and protection for their critical processes.
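A minimal sketch of the comparison described above, added here as an illustration and not taken from the talk or from any product: it scales a raw 4-20 mA loop current to engineering units and flags sustained disagreement with the value the controller reports over the network. The transmitter range, tolerance, persistence count and sample data are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: int            # seconds since start (constructed)
    reported: float   # engineering value the controller reports on the network
    loop_ma: float    # raw loop current measured at the field wiring

def ma_to_units(ma, lo, hi):
    """Linear 4-20 mA scaling: 4 mA maps to lo, 20 mA maps to hi."""
    return lo + (ma - 4.0) * (hi - lo) / 16.0

def find_divergence(samples, lo, hi, tol_pct=2.0, persist=3):
    """Return (start_t, end_t, max_delta) spans where the network-reported
    value and the analog-derived value differ by more than tol_pct of the
    range for at least `persist` consecutive samples."""
    tol = (hi - lo) * tol_pct / 100.0
    spans, run = [], []

    def close_run():
        # Short runs are treated as noise; only sustained disagreement is kept.
        if len(run) >= persist:
            spans.append((run[0][0], run[-1][0], max(d for _, d in run)))
        run.clear()

    for s in samples:
        delta = abs(s.reported - ma_to_units(s.loop_ma, lo, hi))
        if delta > tol:
            run.append((s.t, delta))
        else:
            close_run()
    close_run()
    return spans

# Constructed data: pressure transmitter ranged 0-100 psi.
SAMPLES = [
    Sample(0, 50.0, 12.00),  # both views agree at 50 psi
    Sample(1, 50.2, 12.03),
    Sample(2, 50.1, 12.80),  # one-sample analog spike, ignored as noise
    Sample(3, 50.0, 12.01),
    Sample(4, 50.1, 13.60),  # reported value stays flat while the
    Sample(5, 50.0, 15.20),  # measured loop current keeps climbing
    Sample(6, 50.2, 16.80),
    Sample(7, 50.1, 18.40),
    Sample(8, 90.0, 18.40),  # views agree again at 90 psi
]

if __name__ == "__main__":
    for start, end, worst in find_divergence(SAMPLES, lo=0.0, hi=100.0):
        print(f"divergence t={start}..{end}s, max delta {worst:.1f} psi")
```

The persistence threshold is what separates electrical noise from a sustained mismatch between the two views of the process; both it and the tolerance would need tuning per loop.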
Addressing cyber threats where they are most catastrophic is where cybersecurity needs to begin. Therefore, industrial control systems should not just be protected from intruders but, more importantly, resilient to cyber attacks.