The document discusses several challenges around ensuring cybersecurity and resilience of critical infrastructure systems. As infrastructure becomes more digitally connected and complex, it faces increased cyber vulnerabilities. Regulators need to provide clear requirements and assign accountability, while utilities must accept responsibility and make necessary investments to update their infrastructure. International standards like those from the IEC provide common platforms to encourage cooperation on these issues. The goal is to implement a "defense-in-depth" architecture using standards and frameworks like ISO/IEC 27000 series and IEC 62443 for industrial control systems.
1. Critical challenges in enhancing digital resilience of cyber physical systems
2. Critical challenges
• Digital risks to critical infrastructure?
• How to enhance digital resilience?
• Who is responsible for what?
• How to verify proper implementation of regulations?
3. Example: energy
Complexity is increasing:
+ More interconnection
+ More information exchange
+ Higher reliability, increased control
+ Better interoperability
- Increased cyber vulnerabilities
5. Protecting cyber physical systems
ICT (virtual world): data; identify, correct, protect from constant attacks; large surface for attacks
OT (physical world): ensure physical function - reliability, time and time again - either/or; narrow surface for attacks
6. Global risks, global approach
Prefer common platforms that encourage cooperation and avoid island solutions
IEC Standards:
• Global reach – 171 countries
• Members = countries, not companies
• Built-in high consensus value
• Neutral, independent
Provide input to standardization
7. Three axes of cyber security
Credit: Schneider Electric
9. Build to International Standards
Credit: Schneider Electric
IEC: 235 OT and ICT security related publications
IEC CA Systems also active in cyber security – helps regulators verify implementation
12. IEC Security Infrastructure Solution (SIS) – Cyber security
• IECEE solutions for the cyber physical world
• IEC 62443 series for Industrial Automation and Control Systems (IACS) builds on established Standards - e.g., ISO/IEC 27000 series
• “Defense-in-depth” architecture is the goal
13. Defense-in-depth
Most successful strategies:
• Site security evaluation
• Prioritization of “crown jewels”
• Risk assessment, layer of protection analysis, security assurance levels
• Exercise alert/detection systems and personnel
• Disaster recovery
• Continuously re-evaluate and strengthen
Editor's Notes
Among the most critical challenges is the security of connected cyber physical systems. Very often little or no attention is paid at the design stage to ensure that connected objects are secure against malicious attacks.
The exploitation of cyber vulnerabilities of infrastructure systems is becoming an increasing threat to business and society’s overall security. Let me explain the unique way in which the IEC helps improve cyber security with the example of energy.
Over the past decade, energy systems have become more interconnected and provide more information, resulting in higher reliability, increased levels of control and higher productivity.
Interoperability between different vendor products and systems has been increasingly achieved by deploying products and solutions based on open standards such as the IEC 61850 series which covers communication networks and systems for power utility automation and IEC 61970 the Common Information Model (CIM) for information exchange for energy management systems, SCADA, planning and optimization. However, this change in technologies has also exposed utilities to increased cyber security threats.
Utilities are under huge pressure to update infrastructure but also to reduce cost and increase profitability.
The role of regulators should be to create awareness at the management level by making top management accountable for cyber security outcomes and by providing clear requirements.
Big data opens many new market opportunities but it also generates new risks.
To protect cyber physical systems effectively, both an ICT and an OT approach are needed. While IT has to safeguard every layer of the system, continuously correcting any possible weakness, OT is about keeping systems functioning as intended, on or off.
Today, cyber security is generally led by an IT approach. Information and communication technology has lots of moving parts with many variants. Gateways are everywhere and offer a large surface for potential attacks.
IT is responsible for safeguarding every layer, constantly identifying and correcting every possible weakness. The primary focus is about data and its ability to flow securely in a virtual world.
However, given the operational constraints in energy generation and distribution, both an ICT and an OT approach to cyber security are needed. This is also true in many other critical infrastructure systems.
Operational technology systems are engineered for specific actions in the physical world. The primary security focus in OT is about ensuring control over physical outcomes. OT cyber security is a key strength of the IEC.
It is important that cyber security standards go beyond the country level and are built by specialists with the input of regulators and industry. Regulators need to offer common platforms that encourage broad cooperation, interoperability and avoid island solutions.
IEC standards can be a useful tool to design and enforce regulation, because of the high consensus value that is embedded in them. IEC members are countries, not individual companies. IEC governance ensures a neutral and independent platform.
However, if regulators want to benefit from standardization they need to get involved at least in the inception of new topics to be standardized and the management of portfolios of standards.
Cyber-attacks often spread globally. For this reason, cyber security standards need to be built by specialists with the input of regulators and industry from around the world.
IEC Standards together with conformity assessment can be useful tools to design and enforce cyber security, because of the high consensus value that is embedded in them.
A concerted effort in international standardization and regulation offers many advantages. However, standards alone will not bring the appropriate level of security or result in an “achieved cyber-secure state”. Mitigating risk and anticipating attack vulnerabilities on utility grids and systems are not just about installing secure technology, but equally about understanding and managing risk.
Adequate protection from cyber threats requires a cyber security strategy at the organization, process and technical levels. Those must include a comprehensive set of measures, processes and technical means as well as proper preparation of people.
A strong cyber defence also needs an ongoing effort and recurring investment in risk assessment, cyber security processes, design and implementation as well as people and asset management.
Cyber security has to be worked out in layers.
Ideally, risk assessment and security policy and processes should be guided by the ISO/IEC 27000 series of International Standards on IT Security Techniques, which provides best practice recommendations in this area.
To ensure high quality and dependable cyber security functionality in heterogeneous installations, preference should be given to technology that is based on International Standards.
The IEC has issued 235 OT and IT security related publications. Some 160 have been developed in cooperation with ISO, including the IEC/ISO 27000 family of Standards. The IEC CA Systems are also active in this area and can help policy makers verify implementation of cyber security regulations.
For example, state of the art cyber security products based on International Standards provide utilities with real-time visibility of security-relevant user activity within their systems and help secure power system-specific communication protocols. IEC 62351 helps ensure that users only receive the permissions they need to perform their duties, according to the principle of least privilege. The Standard includes a list of pre-defined roles with pre-defined rights. It helps protect access, informs user authentication and establishes security logs, contributing to secure communications.
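The role-based, least-privilege access model described above, as an added illustration that is not code from the page or from the IEC: a small access controller with a deny-by-default check, a user's effective rights computed as the union of pre-defined role rights, and a security log entry for every decision. The role names and rights table are constructed for this example and are not the role list defined in IEC 62351.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role table (illustrative only; not the IEC 62351 role definitions).
# Each role carries exactly the rights needed for its duty and nothing more.
ROLE_RIGHTS = {
    "viewer": {"read"},
    "operator": {"read", "control"},
    "engineer": {"read", "control", "config"},
    "security_admin": {"read", "manage_users"},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset  # roles assigned to the user by the security administrator


@dataclass
class AccessController:
    role_rights: dict
    audit: list = field(default_factory=list)  # security log of every decision

    def effective_rights(self, user):
        """Union of the rights of the user's roles; an unknown role is an error,
        not a silent grant, so a typo in role assignment cannot widen access."""
        rights = set()
        for role in user.roles:
            if role not in self.role_rights:
                raise ValueError(f"unknown role {role!r} for user {user.name}")
            rights |= self.role_rights[role]
        return rights

    def authorize(self, user, action, target):
        """Deny by default: the action is allowed only if some assigned role grants it.
        Every decision, allowed or denied, is appended to the security log."""
        allowed = action in self.effective_rights(user)
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user.name,
            "action": action,
            "target": target,
            "result": "ALLOW" if allowed else "DENY",
        })
        return allowed

    def denied_events(self):
        """Denied attempts are what an alert/detection process would review."""
        return [e for e in self.audit if e["result"] == "DENY"]


def demo():
    """Constructed walk-through: an operator may control a breaker but not change
    configuration; a viewer may only read. Returns the controller for inspection."""
    ac = AccessController(ROLE_RIGHTS)
    op = User("alice", frozenset({"operator"}))
    viewer = User("bob", frozenset({"viewer"}))
    ac.authorize(op, "control", "breaker-CB1")   # allowed
    ac.authorize(op, "config", "relay-R7")       # denied: not in operator rights
    ac.authorize(viewer, "read", "relay-R7")     # allowed
    ac.authorize(viewer, "control", "breaker-CB1")  # denied
    return ac


if __name__ == "__main__":
    for entry in demo().audit:
        print(entry["result"], entry["user"], entry["action"], entry["target"])
```

The log records denials as well as grants, which is what makes the "security logs" part of the passage useful in practice: repeated denials for one account are the signal an alert process looks for.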
Nuclear power plants are still another ball game in terms of security.
The primary systems that control the reactor and the secondary systems that control the power generation equipment have often been built years ago. They are isolated from each other and most are based on analogue equipment that is not connected to a network and therefore overall less susceptible to cyber-attacks.
However, more recently these systems are being retrofitted with digital equipment and as a result cyber security considerations are moving to the forefront.
Since 1970, the IEC has worked closely with the International Atomic Energy Agency (IAEA). In 2014, this collaboration resulted in IEC 62645, which directly addresses requirements for cyber security in nuclear power plants. It takes into account the principles and basic safety aspects as well as terminology and definitions applied by the IAEA.
While IEC 62645 applies some of the high-level principles and concepts of ISO/IEC 27000 it tailors them to fit the nuclear context. In particular, it defines adequate measures for the prevention, detection and reaction to malicious cyber-attacks on computer based systems in nuclear power plants. The Standard is intended to be used by nuclear power plant designers, operators, systems evaluators, vendors, subcontractors and licensors.
The IEC is currently also exploring market needs in terms of global certification for products, systems, services and personnel in the area of cyber security. In this context, the IEC, through IECEE is already offering verification solutions to protect the cyber physical world.
The IECEE Conformity Assessment Scheme, commonly called the CB Scheme, now includes a programme which provides certification to select Standards within the IEC 62443 series, including ISO/IEC 27000.
The aim is to put in place a business continuity security system that helps protect as many assets as possible.
However, since it is impossible to protect everything equally, it is necessary to prioritize the “crown jewels”, to erect the defense-in-depth architecture that provides the best solution to ensure business continuity. IEC 62443 is an important tool in the deployment of this strategy.
An efficient defense-in-depth strategy that is future proof needs to address the following:
Site security practices and policies
Prioritization of assets that require first line defense
Risk assessment of current level of protection
Development of protection strategy, including reason why and who is responsible
Regular testing and verification of readiness of security alert and detection systems, including all relevant responding personnel
Establishment and testing of disaster recovery measures, including backup retrieval and system re-initialization
Continuous evaluation and improvements of protection layers
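The prioritization and layer-of-protection steps listed above, as an added worked example that is not code from the page or from the IEC. It applies the standard layer of protection analysis (LOPA) calculation, in which the residual frequency of an unwanted outcome is the initiating-event frequency multiplied by the probability of failure on demand (PFD) of each independent protection layer, compares the result with a target frequency, and ranks assets by how far they fall short so that the "crown jewels" with the largest gap get the first line of defence. All asset names, frequencies and PFD values are constructed for illustration.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtectionLayer:
    name: str
    pfd: float  # probability the layer fails when called upon (0 < pfd <= 1)


@dataclass(frozen=True)
class Scenario:
    asset: str
    initiating_event: str
    initiating_frequency: float  # expected occurrences per year, before any protection
    layers: tuple  # independent protection layers in the defense-in-depth stack


def mitigated_frequency(s):
    """LOPA: residual frequency = initiating frequency x product of layer PFDs.
    The layers must be independent for the multiplication to be valid."""
    f = s.initiating_frequency
    for layer in s.layers:
        if not 0.0 < layer.pfd <= 1.0:
            raise ValueError(f"PFD out of range for layer {layer.name!r}")
        f *= layer.pfd
    return f


def risk_gap(s, target_frequency):
    """Ratio of residual to tolerable frequency; > 1 means protection is insufficient."""
    return mitigated_frequency(s) / target_frequency


def extra_layers_needed(s, target_frequency, candidate_pfd):
    """Minimum number of additional independent layers of the given PFD that would
    bring the residual frequency down to the target (0 if already met)."""
    gap = risk_gap(s, target_frequency)
    if gap <= 1.0:
        return 0
    return math.ceil(math.log(gap) / math.log(1.0 / candidate_pfd))


def prioritize(scenarios, target_frequency):
    """Crown-jewel ordering: assets with the largest risk gap come first."""
    return sorted(scenarios, key=lambda s: risk_gap(s, target_frequency), reverse=True)


# Constructed sample site: two assets, one tolerable frequency of 1 event per 1000 years.
TARGET = 1e-3
SCENARIOS = (
    Scenario(
        asset="substation protection relay",
        initiating_event="malware reaches engineering workstation",
        initiating_frequency=1.0,
        layers=(
            ProtectionLayer("network segmentation", 0.1),
            ProtectionLayer("role-based access control", 0.1),
            ProtectionLayer("alerting with trained responders", 0.2),
        ),
    ),
    Scenario(
        asset="billing database",
        initiating_event="credential phishing of back-office staff",
        initiating_frequency=0.5,
        layers=(
            ProtectionLayer("multi-factor authentication", 0.1),
            ProtectionLayer("tested offline backups", 0.01),
        ),
    ),
)


if __name__ == "__main__":
    for s in prioritize(SCENARIOS, TARGET):
        print(f"{s.asset}: residual {mitigated_frequency(s):.2e}/yr, "
              f"gap x{risk_gap(s, TARGET):.2f}, "
              f"extra layers (PFD 0.1) needed: {extra_layers_needed(s, TARGET, 0.1)}")
```

The point the numbers make is the one in the text: the relay already has three layers yet still misses the target by a factor of two, while the database meets it with two, so investment goes to the relay first, and the "continuous evaluation" step is simply re-running this with updated frequencies and PFDs after each exercise or incident.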
Last but not least, IEC work is not limited to energy. We also cover a wide array of other areas, including medical, transportation, for example railways, maritime, automotive, manufacturing, finance, home entertainment and smart devices.