Critical Infrastructure Part 2: Cyber Attacks on Critical Infrastructure

In Part I of the Critical Infrastructure Series, we covered the importance of protecting the nation’s critical infrastructure (CI) Sectors, why they’re targeted, and how to defend against attack. In Part II, we go a little deeper into the Operational Technology (OT) ecosystem and describe how its components interplay to provide critical services within the nation’s critical infrastructure. Finally, in Part III, we cover best practices for securing the OT ecosystem.

What is Operational Technology?

OT refers to equipment or interconnected systems designed to manage industrial processes versus traditional IT administrative processes. For example, OT systems include production line management, oil monitoring, transportation control systems, and utility power grids, to name a few.

OT and IT: What’s The Difference?

Defining Information Technology (IT) can be challenging as it covers many components and functionalities concerning computers and operations. With respect to industrial application, IT involves computers and connected networks to create, process, store, retrieve, and exchange digital data to conduct business operations.

Simply put, OT is industrial-based, primarily made up of a network of interconnected machines. At the same time, IT is more business-oriented, mainly working with data from device to device rather than machines.

OT systems, networks, and sensors require high availability. While most IT systems and networks balance security between confidentiality, integrity, and availability, in contrast, OT places a strong emphasis on availability. This does not mean that confidentiality and integrity are less important, but OT must be available as they tend to be continuous real-time systems requiring constant availability.

OT Ecosystems: Industrial Control Systems

The OT ecosystem encompasses the interconnected systems that manage real-time industrial operations. Historically, OT only consisted of non-networked industrial control systems (ICS) where many of the capabilities to monitor and control systems, or machines, were closed systems using proprietary protocols. Today, networked IT capabilities, with help from the ubiquitous Internet, have allowed closed physical and mechanical systems to be digitalized and constantly connected. As a result, the OT ecosystem relies on interdependent components to monitor and control systems in real-time.

An Industrial Control System (ICS) is a significant component of the OT ecosystem and consists of two major components:

1. Supervisory Control and Data Acquisition (SCADA)
2. Distributed Control System (DCS)

What is a SCADA System?

SCADA is a real-time data collector. SCADA comprises a network of remote terminal units (RTU) that collect data and send it back to a central command center for real-time decision-making and control.

What is a Distributed Control System?

DCS is similar to SCADA, which connects sensors, controllers, and remote terminals for data acquisition and control. In the case of DCS, this system performs the data acquisition and control through distributed processors connected to machines or instruments where the data is acquired. Unlike SCADA, DCS tends to provide acquisition and control onsite vice remotely via SCADA systems.

The Industrial Internet of Things

The Internet has changed OT’s landscape, allowing its systems, networks, and sensors to connect and exchange data with other OT systems, networks, and sensors. There are two distinct categories with respect to technologies communicating via the Internet:

• Internet of Things (IoT) 

  IoT is the capability to connect IT systems and devices via the Internet to conduct or process tasks. The definition is the same as the definition for IT, but with the addition of reliability on the Internet. Many of us use IoT every day as IoT is primarily used for business and consumer purposes. Some examples include Internet-connected cars (almost all are connected to the Internet now) and smart homes (alarm systems, heating & air conditioning systems).
  

• Industrial Internet of Things (IIoT)IIoT, on the other hand, connects industrial devices via the Internet, which is focused on industrial things such as those things that live within and between critical infrastructures (energy, oil & gas, healthcare, transportation, etc.). One way to view IIoT is that it is a subset of IoT. The only difference is the focus. IIoT helps bring automation to monitoring and controlling devices within the industrial sector.

One distinction: IoT and IIOT do not refer to sensors, monitoring, and control devices or systems but rather describe the infrastructure that allows these capabilities to communicate and exchange data via the Internet.

OT Systems as Critical Infrastructure

The OT ecosystem (ICS, SCADA, DCS, and IIoT) forms the backbone of the nation’s critical infrastructure in the monitoring and controlling of the processes, machines, and systems of industrial systems. The OT ecosystem consists of mission-critical capabilities with high availability, vital safety, and critical cybersecurity protection requirements of industrial systems.

As the OT ecosystem increases its reliance on real-time connected technologies and automated control systems, especially for the nation’s critical infrastructures, the need to protect them increases. Threat agents continue to target vulnerabilities that could cause financial impacts, physical damage, service outages, supply chain interruption, and potential loss of life.

Part III will cover the threats to the OT ecosystem and best practices for protecting the nation’s critical infrastructure.