2,364 research outputs found

    Detection techniques in operational technology infrastructure

    In previous decades, cyber-attacks have not been considered a threat to critical infrastructure. However, as the Information Technology (IT) and Operational Technology (OT) domains converge, the vulnerability of OT infrastructure is being exploited. Nation-states, cyber criminals and hacktivists are moving to benefit from economic and political gains. The OT network, i.e. Industrial Control System (ICS), is referred to within OT infrastructure as Supervisory Control and Data Acquisition (SCADA). SCADA systems were introduced primarily to optimise the data transfer within OT network infrastructure. The introduction of SCADA can be traced back to the 1960s, a time when cyber-attacks were not considered. Hence, SCADA networks and associated systems are highly vulnerable to cyber-attacks, which can ultimately result in catastrophic events. Historically, intrusion detection systems in converged IT/OT networks, when deployed, monitor the IT side of the network. While academic research into OT-specific intrusion detection is not a new direction, applications to real systems are few and lack the contextual information required to make intrusion detection systems actionable. This paper provides an overview of cyber security in OT SCADA networks. Through evaluating the historical development of OT systems and protocols, a range of current issues caused by the IT/OT convergence is presented. A number of publicly disclosed SCADA vulnerabilities are outlined, in addition to approaches for detecting attacks in OT networks. The paper concludes with a discussion of what the future of interconnected OT systems should entail, and the potential risks of continuing with an insecure design philosophy.

    Operational Technology Services to Support Business Activities

    The operational technology (OT) environment is a vital part of several businesses around the world. While most of these businesses rely on the activities conducted there in order to generate revenue, it is not always correctly secured, and it is treated as a mere extension of the company's IT network. This thesis describes how OT-specific services were designed to protect the company business while, at the same time, taking into consideration the needs of the people operating in the environment. It also describes how the design was implemented in practice, including the technology and the entities involved. Finally, the use case definition and the testing phase are described to report what kinds of problems arose only later and how they were approached. In short, this thesis follows the entire development of these services, starting from the very beginning until the present moment, meaning the successful conclusion of the testing phase and the start of the operational phase.

    A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity

    Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, still using the standard business language based on decisions, risks, and value. Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    Improvements to Passive Fingerprinting of Operational Technology Environments

    This paper explores the effectiveness of three network tools for analyzing network traffic and highlights their reliance on network ports to fingerprint TCP and UDP network protocols. Considering this limitation, the paper introduces protoDetect, a novel tool demonstrating a possible solution for identifying Operational Technology (OT) network protocols

    Overcoming integration challenges in organisations with operational technology

    Competitive advantage is traditionally an outcome of leveraging people, processes and technologies. Today organisations have several technologies with disparate information. Information integration may assist organisations to remain competitive. Organisations that have technology which manages or controls assets have particular integration challenges compared to organisations with corporate business areas. This is because organisations do not view technology managing infrastructure assets in the same way as managing functions such as finance, retail and human resources. The paper defines a current, asset-management-based taxonomy for organisations integrating Operational and Information Technology. It identifies a number of challenges, such as the commitment to information integration, organisation-wide governance and architectural approaches, as well as the aligning of operational open standards with existing information technology standards. Furthermore, it highlights opportunities for further research in the area.

    CONSTRAINED MACHINE LEARNING MODEL DEPLOYMENTS FOR OPERATIONAL TECHNOLOGY NETWORKS

    Presented herein are techniques for formulating level and device specific machine learning (ML) models for operational technology (OT) networks that can be deployed closer to an end device (in a respective level) for constrained devices

    Building the Operational Technology (OT) Cybersecurity Workforce: What are Employers Looking for?

    A trained workforce is needed to protect operational technology (OT) and industrial control systems (ICS) within national critical infrastructure and critical industries. However, what knowledge, skills, and credentials are employers looking for in OT cybersecurity professionals? To best train the next generation of OT cybersecurity professionals, an understanding of current OT cybersecurity position requirements is needed. Thus, this work analyzes 100 OT cybersecurity positions to provide insights on key prerequisite requirements such as prior professional experience, education, industry certifications, security clearances, programming expertise, soft verbal and written communication skills, knowledge of OT frameworks, standards, and network communication protocols, and position travel. We found that OT cybersecurity roles are typically non-entry level, as experience was the most common requirement, and was required on 95% of analyzed positions. Possession of a bachelor’s degree or higher was required for 82% of positions, while industry certifications such as the Certified Information Systems Security Professional (CISSP) or the Global Information Assurance Certification (GIAC) Global Industrial Cyber Security Professional (GICSP) were listed on 64% of positions. Knowledge of OT or IT frameworks and standards and strong communication skills were listed on 48% of positions, while programming expertise, possession of a United States security clearance, and knowledge of OT or IT networking protocols were required for 18%, 24%, and 27% of positions, respectively. A work travel requirement was listed on 29% of positions. Individuals seeking to enter the OT cybersecurity field, and educational programs focusing on training OT cybersecurity professionals, should prioritize obtaining experience, education, and certification, possessing strong communication skills, and knowledge of relevant OT and IT industry standards and frameworks.