Presented By:
Laxminarayan Nayak
Regional Risk Engineer, Middle East
Royal & Sun Alliance Insurance (Middle East) B.S.C.(c)
An Ever-Growing Threat: Targeting ICS
High-Value Target & Safety Issue
Infrequent Software Update
Cybersecurity attacks are on the rise
Ref: Analysis of Past Cybersecurity-Related Incidents in the Process Industry and the Like by Matteo Iaiani, Alessandro Tugnoli, Valeria Casson Moreno, Valerio Cozzani; DOI: 10.3303/CET2082028
OT Security
Supervision/Configuration
5. Internet DMZ - Boundary between Enterprise IT & wider Internet
Steps of a Cyber Attack to the IT-OT System
Design - Defendable
Architect
Monitor
Recover Strategy
Ref: Analysis of Past Cybersecurity-Related Incidents in the Process Industry and the Like by Matteo Iaiani, Alessandro Tugnoli, Valeria Casson Moreno, Valerio Cozzani; DOI: 10.3303/CET2082028
Multi-faceted CS Resilience Approach
• Top Event - As long as a hazard is controlled, the top event does not occur. It is the event that shall be avoided.
• Sandboxing
• Standard Compliance
Barriers Against Malware
Barriers Against DoS Attack
What Regulations Apply?
➢ International Standards for OT Security
• IEC 62443 Process Industry
• ISO 21434 Automotive Industry
• IEC 62645 Civil Nuclear Industry
References
• Analysis of Past Cybersecurity-Related Incidents in the Process Industry and the Like by Matteo Iaiani, Alessandro Tugnoli, Valeria Casson Moreno, Valerio Cozzani; DOI: 10.3303/CET2082028
• Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries; ANSI/API STANDARD 780
• Cyber risk and resilience — Guidance for the governing body and executive management; BS 31111:2018
• DNV Cyber security resilience management for ships and mobile offshore units in operation; DNV-RP-0496; October 2021
• IEC 62443-4-2; Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components
• Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries; American Petroleum Institute; April 2003
• Integrated Cyber Safety & Security Management System: Industry 4.0 Issue; Vyacheslav Kharchenko; Oleg Illiashenko; DOI: 10.1109/DESSERT.2019.8770010
• An integrated cyber security risk management framework and risk predication for the critical infrastructure protection; Halima Ibrahim Kure; Shareeful Islam; Haralambos Mouratidis; https://doi.org/10.1007/s00521-022-06959-2
• Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management; In Lee
• Differential Petri Net Models for Industrial Automation and Supervisory Control; Isabel Demongodin; Nick T. Koussoulas, Member, IEEE; IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART C: APPLICATIONS AND REVIEWS, VOL. 36, NO. 4, JULY 2006
Thank You