DCS; Industrial control system
Product
Article
NameDescriptionContent
English 简体中文
NEW CENTER
Current Location:
Home >> journalism >> Ensuring Cyber Resiliency for OT Systems

Ensuring Cyber Resiliency for OT Systems

From:THOMAS | Author:H | Time :2024-11-27 | 192 Browse: | Share:

Ensuring Cyber Resiliency for OT Systems

Cyber resilience is the ability for an entity to continuously deliver the intended outcome despite cyber-attacks. In this case, the “entity” could likely be your plant and the “intended outcome” is the results produced by your operational technology (OT) efforts. Stated simply, being cyber resilient means your operations stay in operation even though they may be under cyber-attack.

“Cyberworthiness” is an assessment of the resilience of a system from cyber-attacks. It is applicable to software and hardware elements like standalone software, code deployed on an Internet site, browsers, manufacturing equipment or Industrial Internet of Things (IIoT) devices.

Whether intentional—as in a cyber-attack—or unintentional—as in a failed software update—adverse cyber events negatively impact the availability, integrity, or confidentiality of networked OT and information technology (IT) systems and associated services.
 

Cybersecurity versus cyber resilience

Cyber resilience is designed to prevent systems and networks from being derailed in the event that security is compromised. The manufacturing line, refinery or pipeline “stays” operational. Cyber resilience means that cybersecurity is effective without compromising the usability of OT systems (Figure 1).

Figure 1: Cyber resilience means that cybersecurity is effective without compromising the usability of OT systems.

According to Phil Tonkin, field CTO at Dragos, cybersecurity is concerned with the protection of digital systems, whereas cyber resilience considers the real-world implications of cyber events—extending beyond the digital defense perimeter to encompass the ability of an organization to maintain its core functions and recover swiftly from any form of cyber disruption. “In the world of OT, infrastructure owners as asset managers are concerned with the integrity and reliability of their assets. An electric company needs to worry about keeping a reliable, efficient and clean energy supply to its customers, how they achieve that is resilience. It’s not just protecting the system against compromise but managing the risks of downstream effects.”

Greg Hale, editor and founder of ISSSource, said that resiliency is a plan to find ways to keep the plant/network/system up and running despite an ongoing attack. It is related closely to the business continuity plan. “Cybersecurity, on the other hand, is the overall general idea of protecting assets. The government says resilience entails the ability of a system to anticipate, withstand, recover from and adapt to cyberattacks and natural or accidental disruptions,” he said.

Hale wrote in a recent article in The Source: “A core meaning behind cybersecurity is keeping systems up and running and secure against any kind of attack. But when an organization does suffer a hit, the next step in the ladder of protection needs to be resilience—how to stay up and running no matter the type of assault.”

“Cybersecurity focuses on the implementation of capabilities and controls such as identification, detection, protection and so on, whereas resilience relates to the ability to withstand attacks, bring appropriate response and ability to recover swiftly,” said Mansur Abilkasimov, vice president of Cyber and Product Security Strategy and Governance at Schneider Electric.



Need for cyber resilience is real

Hale points out that one of the classic cases of a lack of cyber resilience is the Colonial Pipeline incident a few years back (Figure 2). “There was a ransomware attack on the company’s IT department and while OT systems remained up and capable of running, the company shut down completely for about four or five days ‘out of an abundance of caution.’ The real reason was the company’s billing system was run on the IT side and if that was held for ransom, the company could not bill its customers and therefore not make any money, so they had to shut everything down. Even though OT was not affected, they had no plan on what they should do to stay running in case of an attack.”

Figure 2: One of the classic cases of a lack of cyber resilience is the Colonial Pipeline incident.

Roy Kok, senior partner and Alliances specialist CLPA at Mitsubishi Electric Automation Inc. said that cyber resilience becomes an interesting challenge for Mitsubishi Electric going forward “because we’re the only company that’s offering combined networking. Most industrial automation companies have a control network and an information network, the control network being focused on deterministic performance and also being dedicated to doing the control. And then of course, the information network is open to the IT world, performance management, quality and so on.”

With combined networking, cyber resilience is increasingly important. “Our protocol is called CC-Link IE TSN. IE stands for ‘industrial Ethernet.’ TSN [time-sensitive networking] is the enhancement to the Ethernet spec that happened back in 2016, which allows you to have deterministic performance. It’s like setting up a private channel on Ethernet that guarantees that your control will have deterministic performance regardless of anything else on the network. The spec has been enhanced to allow scheduling of communications, which means that means devices on a network know when they have an opportunity to speak—traffic shaping.”
  • ALSTOM COP232.2 VME A32/D32, 029.232 446 controller unit
  • GE 151X1235DB15SA01 Gas turbine controller
  • Abaco VP869 FPGA Card
  • Abaco VP868 FPGA Card
  • Abaco VP780 FPGA Card
  • Abaco VP680 FPGA Card
  • PC821 PCIe FPGA Card
  • Abaco PC820 FPGA Card
  • Abaco PC720 FPGA Card
  • Abaco FlexVPX Backplane
  • Abaco VP880 / VP881
  • Abaco VP889 FPGA Board
  • Abaco VP430 RFSoC Board
  • Abaco VP460 Direct RF Processing System
  • Abaco VP431 RFSoC Board
  • Abaco VP461 6U VPX Xilinx UltraScale
  • Abaco VP891 3U VPX FPGA Processing Card
  • Abaco TM-683 2 PMC rear panel I/O transition module for 6U CPCI
  • Abaco CPCI-100A-FP 2-slot IndustryPack carrier for 3U CPCI systems
  • Abaco BIO-4 Rear transition card for the CPCI-200A IP carrier
  • Abaco VME-4116 VME Analog I/O Output Boards
  • Abaco VME-4140 VME Analog I/O Output Boards
  • Abaco VME-3122B VME Analog I/O Input Boards
  • Abaco VME-3113B Scanning 12-bit Analog-to-Digital Converter with Built-in-Test
  • Abaco Vme-4132 VME Analog I/O Output board
  • N-Tron® NT24K-14FXE6-SC-80 Managed 14-Port Gigabit Industrial Ethernet Switch
  • N-Tron® 7012FXE2-SC-40 Managed 12-port Industrial Ethernet Switch
  • N-Tron® NT24K-11GX3-SC-PT Managed 11-Port Gigabit Industrial Ethernet Switch
  • N-Tron® NT24K-14FXE6-SC-15 Managed 14-Port Gigabit Industrial Ethernet Switch
  • N-Tron® 7018FXE2-SC-15 Managed 18-port Industrial Ethernet Switch
  • N-Tron® NT24k 24-Port Rackmount Gigabit Managed Industrial Ethernet Switch
  • N-Tron® NT24k 24-Port, Dual Redundant VDC Power Input, Rackmount Gigabit Managed Industrial Ethernet Switc
  • N-Tron® NT24K-10FX2-SC Managed 10-Port Industrial Ethernet
  • N-Tron® NT24K-12SFP-DM4 Managed 12-Port Gigabit Industrial Ethernet Switch
  • N-Tron® NT24k 16-Port, Single Redundant VDC Power Input
  • N-tron SLX-6ES-5SC Unmanaged 6-port industrial Ethernet switch
  • NT24k® 10FX2-POE Managed PoE+ Gigabit Ethernet Switch
  • N-Tron® 105FXE-SC-15-POE-MDR Unmanaged 5-port PoE Switch
  • Sixnet® SL-8ES-1 Unmanaged 8-port Industrial Ethernet Switch
  • N-Tron® 106FX2-SC-MDR Unmanaged 6-port Industrial Ethernet Switch
  • Sixnet® SLX-9ES-3SC Unmanaged 9-port Industrial Ethernet Switch
  • N -Tron® 710FXE2-ST-80 Managed 10-port Industrial Ethernet Switch
  • N -Tron® 712FXE4-SC-15-HV Managed 12-port Industrial Ethernet Switch
  • N -Tron® 712FXE4-ST-15-HV Managed 12-port Industrial Ethernet Switch
  • N -Tron® 709FXE-SC-40 Managed 9-port Industrial Ethernet Switch
  • ABB IEMMU21 Module Mounting Unit
  • ABB CMA120 3DDE300400 Basic Controller Panel Unit
  • Bently Nevada 2300/20-RU 2300/20-CN Monitoring controller
  • A-B 4100-234-R IMC™ S Class Compact Motion Controllers
  • B&R Power Panel 300/400
  • ADLINK cPCI-3840 Processor module
  • ACQUISITIONLOGICAL81G -2
  • HIMA K1412B PLC Module
  • IS200VTCCH1CBD GE Speedtronic Turbine Control PCB board
  • TRICONEX 4200 Digital Output Module
  • DEIF SCM-1 PCB CARD Module
  • HIMA F3DIO20802 controller plc F3DIO20802
  • HIMA B5233 PLC Module
  • HIMA B5322 PLC Module
  • HIMA F7105A PLC Module
  • HIMA F7150 PLC Module
  • HIMA Z7308 PLC Module
  • HIMA F60 PS01
  • TRICONEX 4409 PLC Module
  • F8651X HIMA Central module F8651X
  • HIMA-6E-B HIMA-6E-B Large System Controller
  • HIMA P8403 PLC Module
  • F8621A HIMA communication module
  • IS200VRTDH1D GE Mark VI Printed Circuit Board
  • ABB NIACO2 PLC Module
  • ABB NIAMO1 PLC Module
  • HIMA F8652 98465266 PLC Module
  • F8652X HIMA Central module
  • HIMA 62100
  • HIMA 99-7105233 B5233-1 NSMP
  • ABBSPAD 346 C3-AA
  • ABBREF543KM127BABB
  • ABB 0-63007 M003742626
  • Abb FET3251A0P1B3C0H2M
  • ABB 3HAB8800-1
  • ABB 3AUA266001B166
  • ABB3HNM07686-1
  • ABB PQF4-3 TAS
  • Honeywell 30735863-502 - SWITCH
  • Honeywell TK-CCR014 - REDUNDANT NET INTERFACE NEW ORIGINAL FREE EXPEDITED SHIPPING/
  • Honeywell 51403165-400 - new 51403165400/
  • Honeywell318-049-001 quot100 Batteries(Japan Liion2Ah14.8Wh)INTERMEC/ PR2,PR3 P/N
  • Honeywell FC-PSU-UNI2450U - Power Supply
  • Honeywell 965-0676-010 - WARNING COMPUTER SV
  • Honeywell 51403519-160 - Module
  • Honeywell 107843 - HOUSING CARBON FILE P/N NE COND # 11438 (4)
  • Honeywell VR434VA5009-1000 - Brand new in box Condensing boiler valve DHL fast shipping
  • Honeywell SPXCDALMFX - plc new FREE EXPEDITED SHIPPING/
  • Honeywell BCM-PWS - BCM-ETH BCM-MS/TP BCM-MS/TP Network controller setFedEx or DHL
  • Honeywell YSTR12D-22/C/-2J0DFA/BE/400/T/-CM.HO.TG.SB.SM,ZS,F1,LP,/FX/,1C-BT - UNMP
  • Honeywell IWS-1603-HW - 90-250VAC 1.0A UNMP
  • Honeywell 51304386-150 - MEASUREX Factory Packed
  • Honeywell CC-PFB401 - / CCPFB401 (NEW IN BOX)
  • Honeywell 50071726 - St 800 Series Pressure Transmitter Remote Diaphragm 11-42VDC
  • Honeywell 621-2150 - / 6212150 (NEW NO BOX)
  • Honeywell 80360206-001 - USED YAMATAKE CLI BOARD
  • Honeywell BMDX001A-001 - ACCURAY / BOARD BMDX001A001
  • Honeywell XCL8010A - New CPU Controller.
  • Honeywell PGM-7320 - 1PCS NEW Rae Systems MiniRAE 3000 Portable VOC Monitor#XR
  • Honeywell BK-G40 - U65 *FULL INSTALLATION* Gas Meter 3?± Inlet/Outlet Spool NEW UNUSED
  • Honeywell DM106-0-B-00-0-R-1-00000-000-E0 - DPR100 250V NSNP
  • Honeywell KFD840 - PRIMARY FLIGHT DISPLAY CORE PN: 066-01206-0104
  • Honeywell 51401914-100 - 51400996-100
  • Honeywell C7012A1145 - 1PC New UV Flame Detector Expedited Shipping
  • Honeywell OV210 - Baxter Bakery Oven Igition Control. For DRO. 00-616973 NEW
  • Honeywell 51304431-125 - 1PC New /51304431125 1 year warranty#XR
  • Honeywell QPP-0002 - Quad Processor Module / 5 Vdc / Massima 1.2A/24Vdc/max.25mA
  • Honeywell QPP-0002 - Quad Processor Module / 5Vdc / Max. 1.2A/24Vdc/max.25mA
  • Honeywell 8C-PCNT02 - 514543363-275 module
  • Honeywell DPCB21010002 - Tata Printed Circuit Board
  • Honeywell DPCB21010002 - Tata Printed Circuit Board Rev: 0
  • Honeywell 001649-M5T028 - Tata Printed Circuit Board Rev: 0
  • Honeywell YSTD924-(J2A)-00000-FF,W3,TP,TG,SS - NSFS
  • Honeywell XF523-A - / XF523A (NEW IN BOX)
  • Honeywell TK-PRS021 - NEW IN STOCK ship by UPS
  • Honeywell 2MLR-AC22 - " 2mlr-dbsf,2mlf-ad4s,2mlf-dc4s,2mlr-ac22 Rack"
  • Honeywell 9436610 - MEASUREX NSMP
  • Honeywell RT10A-L0N-18C12S0E - RT10A.WLAN.IN.6803.CAM.STD.GMS
  • Honeywell 51305896-200 - P:C1 Rev D Nim Modem - FAST SHIP BY Fedex
  • Honeywell TK-FTEB01 - PCL module Brand New Fast Shipping By DHL
  • Honeywell 8694500 - Measurex Control Processor Module
  • Honeywell DR4500 - Truline and DR4300 Circular Chart Recorder
  • Honeywell EC-7850-A-1122 - / EC7850A1122 (NEW IN BOX)