According to Siemens (https://www.arabianbusiness.com/technology/428319-the-biggest-oil-gas-threat-isnt-drones-its-cyber), “cyber security breaches in the Middle East region are widespread and frequently undetected, with 30% of attacks targeting operational technology (OT), according to a study by Siemens and Ponemon Institute. Two-thirds of respondents in the study’s survey experienced at least one security compromise resulting in unrestricted information loss or operational disruption in the OT environment in the past year.”
These findings are similar to other surveys on cyber security of control and safety systems. They are about the OT networks and associated network impacts. The impacts on the process such as equipment failures and plant shutdowns are not addressed. However, the process is what is most germane to the corporate bottom line. That is, the production and distribution of physical products such as electricity, water, oil/gas, manufactured goods, etc. The process can work without the OT networks but not in an optimal manner. However, the process cannot work without the control systems working. As an example, following the 2015 cyber attacks, the Ukraine operated their grids for months without the OT networks because they couldn’t trust the networks were ”clean”. Yet, the process is effectively being ignored by the OT cyber security community. The irony is that the control system vendors have extensive expertise on the process but the culture gap all too often has prevented them from participating in cyber security activities. This culture/governance gap has to change.
Specifically, Siemens suggests the following. It should be noted these four steps are similar to other control system vendors. My comments are in bold.
Support the originator by clicking the read the rest link below.
