Abstract
Recent events have demonstrated that critical infrastructure assets operated by networked industrial control systems are vulnerable to cyber attacks. The first step to addressing the threats is to establish and maintain reliable monitoring of the cyber security health of systems so that their true cyber security states are known. For current operational technology systems, there is growing, but limited, availability of technologies and tools that provide the needed cyber security awareness. This chapter summarizes recent efforts conducted in collaboration with members of the U.S. natural gas distribution sector to develop a set of recommended functional requirements for cyber security health monitoring and awareness of operational technology systems. The design-driven process is described and the resulting nine key recommendations for securing operational technology systems are presented.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cybersecurity and Infrastructure Security Agency, Alert (AA20-205A) NSA and CISA recommended immediate actions to reduce exposure across operational technologies and control systems, Arlington, Virginia (www.us-cert.cisa.gov/ncas/alerts/aa20-205a), October 24, 2020.
Cybersecurity and Infrastructure Security Agency, Securing Industrial Control Systems: A Unified Initiative, FY2019–2023, Arlington, Virginia (www.cisa.gov/sites/default/files/publications/Securing_Industrial_Control_Systems_S508C.pdf), 2020.
Cybersecurity and Infrastructure Security Agency, Assessments, Arlington, Virginia (us-cert.cisa.gov/ics/Assessments), 2021.
Cybersecurity and Infrastructure Security Agency, Downloading and installing Cyber Security Evaluation Tool (CSET), Arlington, Virginia (us-cert.cisa.gov/ics/Downloading-and-Installing-CSET), 2021.
K. Davis, Texas A&M: CYPRES, Cybersecurity for Energy Delivery Systems Peer Review, Texas A&M Engineering Experiment Station, College Station, Texas (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), October 6-7, 2020.
Dragos, Dragos: Neighborhood Keeper, Cybersecurity for Energy Delivery Systems Peer Review, Hanover, Maryland (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), 2020.
D. Gammel, Schweitzer Engineering Laboratories: Ambassador, Cybersecurity for Energy Delivery Systems Peer Review, Schweitzer Engineering Laboratories, Pullman, Washington (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), 2020.
Gas Technology Institute, Identifying and Addressing High-Priority Cybersecurity Issues, Des Plaines, Illinois (www.gti.energy/identifying-and-addressing-high-priority-cybersecurity-issues), 2021.
Hasso Plattner Institute of Design, Getting Started with Design Thinking, Stanford University, Stanford, California (www.dschool.stanford.edu/resources/getting-started-with-design-thinking), 2021.
C. Hurd and M. McCarty, A Survey of Security Tools for the Industrial Control System Environment, INL/EXT-17-42229 Revision 1, Idaho National Laboratory, Idaho Falls, Idaho, 2017.
M. Locasto and D. Balenson, A comparative analysis approach for deriving failure scenarios in the natural gas distribution infrastructure, in Critical Infrastructure Protection XIII, J. Staggs and S. Shenoi (Eds.), Springer, Cham, Switzerland, pp. 19–50, 2019.
M. Locasto and D. Balenson, Threat intelligence for grid recovery, presented at the More Situational Awareness for Industrial Control Systems (MOSAICS) Industry Day (www.rdp21.org/wp-content/uploads/2020/11/MOSAICS-Industry-Day-SRI-TIGR-v3-1.pdf), 2020.
J. McCarthy, O. Alexander, S. Edwards, D. Faatz, C. Peloquin, S. Symington, A. Thibault, J. Wiltberger and K. Viani, Situational Awareness for Electric Utilities, NIST Special Publication 1800-7, National Institute of Standards and Technology, Gaithersburg, Maryland, 2019.
M. Nielsen, General Electric: Natural Gas Compression, Cybersecurity for Energy Delivery Systems Peer Review, GE Research, Niskayuna, New York (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), 2020.
Office of Cybersecurity, Energy Security and Emergency Response, 2020 Cybersecurity for Energy Delivery Systems Peer Review, U.S. Department of Energy, Washington, DC (www.energy.gov/ceser/articles/2020-cybersecurity-energy-delivery-systems-peer-review), 2020.
Office of Cybersecurity, Energy Security and Emergency Response, Cybersecurity for Energy Delivery Systems 2020 Peer Review Presentations, U.S. Department of Energy, Washington, DC (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), 2020.
Office of Cybersecurity, Energy Security and Emergency Response, Cybersecurity Research, Development and Demonstration (RD&D) for Energy Delivery Systems, U.S. Department of Energy, Washington, DC (www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/cybersecurity-research-development-and), 2020.
Office of Electricity, Liberty Eclipse Energy Cyber Incident Exercise, Exercise Summary Report, U.S. Department of Energy, Washington, DC (www.energy.gov/sites/default/files/2017/05/f34/LE%20FINAL%20Exercise%20Summary%201May2017_Public%20Doc.pdf), 2017.
Transportation Security Administration, Pipeline Security Guidelines, Springfield, Virginia (www.tsa.gov/sites/default/files/pipeline_security_guidelines.pdf), 2021.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ellis, T., Balenson, D., Locasto, M. (2022). Cyber Security Awareness Requirements for Operational Technology Systems. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XV. ICCIP 2021. IFIP Advances in Information and Communication Technology, vol 636. Springer, Cham. https://doi.org/10.1007/978-3-030-93511-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-93511-5_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93510-8
Online ISBN: 978-3-030-93511-5
eBook Packages: Computer ScienceComputer Science (R0)