Industrial Cybersecurity and Key Aspects to Protect

IT Integrity versus OT Availability

In this entry, we introduced some concepts associated with security in SCADA systems. We believe it is interesting to delve deeper into the concept of industrial cybersecurity.

If IT security (IT environments) pursues the protection of the information handled by organizations, the systems that manage this information, the infrastructures that house these systems, and even the nations that group these infrastructures, industrial cybersecurity is the discipline that pursues protecting:

• The information that is handled in OT (Operation Technology) environments, both in industrial sectors and in infrastructures.
• The systems and devices that manage this information (SCADA Servers, Historian Servers, OPC Servers, PLC, RTU, DCS…)
• The industrial plants and infrastructures (generally critical) that house these systems.

That is, the concept of industrial cybersecurity is included in the scope of industrial security, understanding that information, systems, and facilities must be protected from attacks originating mainly through telematic means.

With regard to information, and as in traditional IT environments, security must ensure Confidentiality (only authorized users can view/access the information), Integrity (only authorized users can make changes to the information), and Availability (the information must always be accessible to authenticated and authorized users who request it) of the systems.

However, it is necessary to emphasize that while in transactional IT environments, the “C” of Confidentiality is the most important aspect to protect, in SCI (Industrial Control Systems) environments, it is the “D” of Availability that is the most important factor, not only for information but also for systems and plants.

In fact, in part 1 of the ANSI/ISA–99.00.01–2007 standard, on page 36, this particular is discussed.