#42 IT vs OT in Cyber security

How do IT and OT Cyber security Differ?

Operational technology (OT) is hardware and software that detects or causes a change through the direct monitoring and control of industrial equipment, assets, processes, and events. In contrast, information technology covers the entire spectrum of technologies for information processing, including software, hardware, communications technologies, and related services.

Before we delve into the cyber security challenges affecting the maritime industry, let’s take a step back and examine some of the differences between IT and OT systems. Some of the differences in system requirements include:

Differences in System Requirements

| Category | IT System Requirements | OT System Requirements |
| --- | --- | --- |
| Performance | Non-real-time. Response must be consistent. Less critical emergency interaction. Tightly restricted access control can be implemented to the degree necessary for security. | Real-time. Response is time-critical. Response to human and other emergency interaction is critical. Access should be strictly controlled, but should not hamper or interfere with human-machine interaction. |
| Availability/Reliability | Responses such as rebooting are acceptable. Availability deficiencies can often be tolerated, depending on the system’s operational requirements. | Responses such as rebooting may not be acceptable because of operational requirements. Availability requirements may necessitate redundant systems. |
| Risk Management | Manage data. Data confidentiality and integrity is paramount. Fault tolerance is less critical – momentary downtime is not a major risk. Significant risk impacts may lead to delays in ship clearance, loading/unloading, business operations. | Control physical world. Human safety is paramount, followed by protection of the process. Fault tolerance is essential; even momentary downtime may not be acceptable. Major risk impacts are regulatory non-compliance, environmental impacts, harm to the crew on board, equipment and/or cargo. |
| System Operations | Systems are designed for use with typical operating systems. Upgrades are straightforward with the availability of automated deployment tools. | Differing and possibly proprietary operating systems, often without security capabilities built-in. Software changes must be carefully made, usually by software vendors, because of the specialized control algorithms and modified hardware and software involved. |
| Resource Constraints | Systems are specified with enough resources to support the addition of third-party applications such as security solutions. | Systems are designed to support the intended industrial process and may not have enough memory and computing resources to support the addition of security capabilities. |
| Communications | Standard communications protocols. Primarily wired networks with some localized wireless capabilities. Typical IT networking practices. | Many proprietary and standard communication protocols. Several types of communications media used, including radio, satellite Internet, ship to shore, ship to ship, VoIP. Networks are complex and sometimes require the expertise of control engineers. |
| Component Lifetime | 3 to 5 years | 10 to 15 years |
| Component Location | Components are usually local and easy to access. | Components can be isolated, remote, and might require extensive physical effort to gain access to them. |

From a cyber-security perspective, OT and IT are different in several ways. On staffing, there is a cyber-security specialization on the IT side: professionals have been specifically trained and certified in application security, network security, or other security disciplines. In OT, those tasked with security are usually operational technology people who have to deal with security as part of their day job; it's an add-on, not a specialization.

OT and IT are different, especially in attack outcomes. An attack on IT could lead to data theft, while an attack on OT could lead to injury or loss of life, asset damage, or environmental impact. Traditional cyber security measures fail to protect vessels from cyber-attacks and leave the OT network exposed, falling short of providing the visibility and protection required for the cyber-physical processes that underlie the maritime industry. And with the convergence of IT and OT, organizations must balance the use of traditional IT security tools at the network and endpoint layer with specialized security tools designed for OT requirements.
