Consider the consequences: A powerful approach for reducing ICS cyber risk

Author(s): Richard Wyman, Professional Control Systems Engineer, Idaho National Laboratory

Abstract: Securing industrial control systems (ICS) or, for that matter, information technology (IT) systems is a never-ending battle. Cybersecurity subject matter experts (SMEs) secure their systems with the latest technology, and threat actors develop new techniques to bypass these controls in a constant arms race of attack and defend, attack and defend. This paper explores the relationship between cyber and physical systems by introducing a reference model that explains the cascading nature of impacts. While a cyberattack on an ICS originates in the cyber domain, the most serious impacts occur in the physical domain. By understanding this concept, cybersecurity SMEs can take more targeted defensive measures in the cyber domain and add protections in the physical domain to significantly reduce ICS cyber risk.

Keywords: ICS cybersecurity, cyberattacks, cyber/physical impacts, ICS Cyber Kill Chain, protection layers, risk analysis

Richard Wyman is a senior control systems engineer at Idaho National Laboratory (INL). During the last eight years, he has supported the United States Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) assessment and training programmes. As one of the original members of the ICS-CERT assessment team, Richard has evaluated over 100 control systems. Before his INL career, he worked as a project manager and technical lead for a northern California water utility, where he was responsible for the design and installation of a large distributed supervisory control and data acquisition (SCADA) system.
