© All rights reserved 2018 SyTech IT Limited Registered in England and Wales: 09896931
Operational Technology (OT) makes all these things happen and pervades our lives in both obvious and hidden ways, automatically monitoring and controlling processes and equipment that are too dangerous, too demanding or too monotonous for manual operation.
OT is defined as technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS).
Where Cyber Security for IT has traditionally been concerned with information confidentiality, integrity and availability, OT priorities are often safety, reliability and availability, as there are clearly physical dangers associated with OT failure or malfunction. Many businesses strive for improved OT process efficiency and reliability for their customers, which often results in increased connectivity to enterprise technologies and the Internet. This convergence has the potential to increase system vulnerabilities, but can be addressed by adopting sound risk management principles, which are the same regardless of the underlying system type.
Major industries and critical national infrastructure are increasingly reliant on modern Industrial Control Systems (ICS) for their core operations. Modern control systems are constructed from commercial off-the-shelf technologies similar to those used in the IT domain. While this reduces the time and cost of system development and ongoing maintenance, the use of this technology has introduced everyday IT security risks into the ICS domain.
The fundamental difference between a security incident in the IT domain and the ICS domain lies in the potential impact. The impact of an ICS incident can be far greater, causing not only disruption to business operations and services but also potential damage and destruction of equipment, and injury to people. These systems are critical and therefore are required to be trustworthy and resilient not just operationally but from a security perspective too.
In the past, ICS security was mostly seen as an afterthought and this has led to many of the issues we face today. Although some of these could be resolved by applying standard IT solutions, many remain unresolved due to the particular constraints of ICS. Only by recognising these constraints and implementing industry good practice developed through practical experience can security be improved.
This framework is primarily intended for those who are directly responsible for securing ICS, whether they are looking to establish a new programme or complement one that already exists. It can assist ICS professionals in improving their knowledge of security and can provide insight into the ICS environment to IT professionals. Further to this, the guidance can inform the organisation's leadership about the rationale for establishing an ICS security capability and the potential activities involved in securing assets.
The framework is also useful as a point of reference for the wider group of ICS stakeholders who do not have direct responsibility for security but have a vested interest in it or who could have an impact on ICS security. This can include procurement staff (who can manage security requirements in contracts) and project managers (to help them understand the need to address security early in the design process). It can also be used by Lead Government Departments (LGDs) who have a responsibility for understanding how to measure the trustworthiness of ICS that underpin or directly provide critical services.
The Security for Industrial Control Systems (SICS) Framework builds on the previous guidance which has been used by organisations worldwide. While not a standard, the framework incorporates the latest industry good practice and experience from the fields of ICS and IT security to address ICS security.
The framework consists of:
The framework and its supporting elements are intended to be a point of reference for an organisation to begin to develop and tailor ICS security that is appropriate to its needs.
This framework can be used in a number of ways:
By using the SICS Framework, an organisation can benefit from systems that are more secure and operationally resilient, and from an enhanced ability to deal with a cyber attack. Better security can also enable businesses to prosper by allowing them to exploit new technologies securely. Without appropriate security, organisations face being left behind or exposing themselves to unnecessary and sometimes avoidable risk.
Only by understanding and mitigating these risks can an organisation take full advantage of advances in technology and new ways of working. While security cannot prevent all risks materialising, it can help to reduce the likelihood and potential impact, allowing organisations to recover faster and return to business as usual.
Based in Keele, SyTech IT provides IT Solutions, Support & Systems for Industry and multi-channel distribution businesses within Stoke-on-Trent, Staffordshire, Derbyshire, Cheshire, Lancashire, Warwickshire, Birmingham and Manchester.