- Executive Title: "Cyber Threat Protection in Industrial Control Systems (ICS): Security strategy for ships and factories"
- Subtopic (Technical/Focus): "Strengthening the protection of ship control systems (Bridge/Engine Control Systems) from cyber attacks"
- Engaging Title: "When Hackers Attack the 'Brain': Cybersecurity is the Life of the OT System"
This content focuses on the importance of, and approaches to, maintaining cybersecurity for industrial control systems (ICS), including the operational technology (OT) systems used to control actual operations on ocean-going vessels and in factories:
2.1. Difference between IT and OT Cybersecurity
- IT (Information Technology): Focuses on maintaining the confidentiality, integrity, and availability of information.
- OT (Operational Technology): Focuses on maintaining the availability and integrity of the control system first, as failure can lead to physical damage, injury, or loss of life.
- Key Assets: OT systems, including SCADA, DCS and PLC, that control main machinery, ship steering systems, or factory production systems.
2.2. Case studies and attacks targeting ICS
- Growing Threat: Connecting OT systems to the IT network and the internet creates higher risks.
- Example of an attack: Give an example of malware designed specifically to attack ICS (such as Stuxnet, which attacked PLCs) or of attacks that directly target a ship's control system (such as changing the ship's course or causing engine malfunctions).
2.3. Main strategies for OT system protection
ICS cybersecurity defense strategies focus on reducing the attack surface and controlling access:
- Network Segmentation:
  - Air-Gapping or Segmentation: Separating the OT network from the IT network and the internet completely, or using a firewall to strictly control traffic between the two parts.
  - Defense-in-Depth: Creating multiple layers of defense so that attackers must overcome multiple obstacles.
- Access Control and Patch Management:
  - Least Privilege: Assign access rights to only the necessary users and devices.
  - Update management (Patching): ICS often run old software, so updates must be applied carefully, after testing, so as not to affect the stability of the system.
- Monitoring and Incident Response: Implementing tools designed specifically to detect anomalies in OT traffic, and preparing a response plan for when an attack occurs.
- IMO Guidelines: For shipping, operators are required to incorporate cybersecurity into the ship's safety management system (SMS).
- NIST CSF / IEC 62443: Using international standard frameworks to structure cyber risk management in the ICS environment.
Cybersecurity:
- ICS Cybersecurity, OT Security, Cyber Defense, Threat Intelligence, Cyber Attacks
Control Systems:
- ICS (Industrial Control Systems), SCADA, DCS, PLC, Engine Control Systems, Bridge Systems
Defense Principles:
- Network Segmentation, Defense in Depth, Patch Management, Least Privilege, Air-Gap
Differences:
- IT vs. OT, Availability, Integrity
Industries:
- Marine, Industrial, Critical Infrastructure
Standards:
- IMO Guidelines, IEC 62443, NIST CSF
Illustration 1: ICS Cybersecurity: Protecting the Digital Heart of Industry
Illustration 2: Understanding Threats: ICS/OT Attack Vectors


 
 
