The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Extracting Value from Smart Infrastructure
December 16, 2019
Dr. Rida Hamza, VP, Critical Infrastructure Protection at the global engineering firm Parsons, sees the Industrial Internet of Things (IIoT) unlocking new levels of productivity, helping organizations implementing value supply chain, increasing productivity, and maximizing return on investments. Doing so, he says requires deployment of millions of connected devices, increasing the attack surface and risk of cyberattacks on industrial control systems.
“Most people think of the cyber element of critical infrastructure protection (CIP), such as the protection of Information Technology (IT) assets like servers, computers, and switches, but they’re forgetting a whole other side of CIP. Just as important as the protection of IT assets is the protection of OT assets, including IoT-connected devices that control the backbone control system and automations within smart infrastructures,” he writes in ME Construction News.
“OT networks were traditionally kept separate, i.e. air-gapped from IT networks. However, new smart infrastructure requirements associated with the efficiency benefits of digitalization, such as smart environmental control systems, just in time irrigation, and interactive access control systems tied to Big Data, are forcing increased connectivity between IT and OT networks, thereby increasing the attack surface and hence the cyber risk,” he writes.
Rida warns that a common reaction to cyber security risk is to bolt on some software modification. Although he believes that there are effective cyber tools and that can reduce digital risk, they must be deployed “at the very early stage of design to both IT and OT simultaneously to ensure that the hardware and software that monitor and control the physical equipment and processes for critical infrastructure no longer present a wildly attractive target for those who seek to cause disruption or to threaten infrastructure for their own purposes”
In the past, he says that IT teams have successfully delivered digital efficiency improvements through tools such as email and internet-connected business processes. But bolting cybersecurity onto these tools had often disrupted the performance of the digital systems they were trying to protect. The cyber efforts often collided with system performance, all without even understanding the IT department’s mission of delivering digital capabilities.
“Many design flaws allow attackers to get access to connected devices. We must design in cybersecurity when beginning any of our infrastructure projects. Cybersecurity begins with design, architectures, configurations, processes, procedures and then tools.”
Read the full article here.