Control System Cyber Security
The July 23 , 2020 NSA / DHS CISA Alert AA20-205A : Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems ( reference 10 ) stated that control systems should not be connected directly to IT networks or the Internet or they will be compromised . However , as of 2014 , there were more than 2 million control system devices directly connected to the Internet and counting ( Radvanovsky , 2014 ).
Attackers are becoming better system engineers than the defenders as they generally don ’ t have organization charts or professional silos . It can be surmised that sophisticated attackers work “ backwards ” by determining what damage they want to cause and then look for tools to achieve that end .
Table 4 . OT Cyber Security Incident Database
Recommendations
There has been a convergence of highly integrated industrial automation sharing more constructs with IT , known as IT-OT ( Operational Technology ) convergence . It is the inevitable result of industry seeking higher efficiencies and productivity through physical and cyber control system convergence . General Electric , which has called this development the emergence of the “ Industrial Internet ,” characterizes it as “ where the Internet intersects with our basic human needs , such as water , transportation , healthcare , and energy .” 19 This impending transition — which will increasingly drive most critical infrastructures — heightens the need for a correctly scaled national effort capable of meeting the security and safety needs of critical infrastructure control systems . As opposed to IT security , control system cyber security is still in the early developmental stages .
19 Also called the “ Industrial Internet of Things ( IIoT ),” it should not be confused with the Internet of Things ( IoT ) which tends to refer to consumer products and devices .
125