Skip to main content
SpringerLink
Log in

Cyber Security Awareness Requirements for Operational Technology Systems

  • Conference paper
  • First Online:
Critical Infrastructure Protection XV (ICCIP 2021)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 636))

Included in the following conference series:

  • 413 Accesses

Abstract

Recent events have demonstrated that critical infrastructure assets operated by networked industrial control systems are vulnerable to cyber attacks. The first step to addressing the threats is to establish and maintain reliable monitoring of the cyber security health of systems so that their true cyber security states are known. For current operational technology systems, there is growing, but limited, availability of technologies and tools that provide the needed cyber security awareness. This chapter summarizes recent efforts conducted in collaboration with members of the U.S. natural gas distribution sector to develop a set of recommended functional requirements for cyber security health monitoring and awareness of operational technology systems. The design-driven process is described and the resulting nine key recommendations for securing operational technology systems are presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 99.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Cybersecurity and Infrastructure Security Agency, Alert (AA20-205A) NSA and CISA recommended immediate actions to reduce exposure across operational technologies and control systems, Arlington, Virginia (www.us-cert.cisa.gov/ncas/alerts/aa20-205a), October 24, 2020.

    Google Scholar 

  2. Cybersecurity and Infrastructure Security Agency, Securing Industrial Control Systems: A Unified Initiative, FY2019–2023, Arlington, Virginia (www.cisa.gov/sites/default/files/publications/Securing_Industrial_Control_Systems_S508C.pdf), 2020.

    Google Scholar 

  3. Cybersecurity and Infrastructure Security Agency, Assessments, Arlington, Virginia (us-cert.cisa.gov/ics/Assessments), 2021.

    Google Scholar 

  4. Cybersecurity and Infrastructure Security Agency, Downloading and installing Cyber Security Evaluation Tool (CSET), Arlington, Virginia (us-cert.cisa.gov/ics/Downloading-and-Installing-CSET), 2021.

    Google Scholar 

  5. K. Davis, Texas A&M: CYPRES, Cybersecurity for Energy Delivery Systems Peer Review, Texas A&M Engineering Experiment Station, College Station, Texas (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), October 6-7, 2020.

    Google Scholar 

  6. Dragos, Dragos: Neighborhood Keeper, Cybersecurity for Energy Delivery Systems Peer Review, Hanover, Maryland (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), 2020.

    Google Scholar 

  7. D. Gammel, Schweitzer Engineering Laboratories: Ambassador, Cybersecurity for Energy Delivery Systems Peer Review, Schweitzer Engineering Laboratories, Pullman, Washington (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), 2020.

    Google Scholar 

  8. Gas Technology Institute, Identifying and Addressing High-Priority Cybersecurity Issues, Des Plaines, Illinois (www.gti.energy/identifying-and-addressing-high-priority-cybersecurity-issues), 2021.

    Google Scholar 

  9. Hasso Plattner Institute of Design, Getting Started with Design Thinking, Stanford University, Stanford, California (www.dschool.stanford.edu/resources/getting-started-with-design-thinking), 2021.

    Google Scholar 

  10. C. Hurd and M. McCarty, A Survey of Security Tools for the Industrial Control System Environment, INL/EXT-17-42229 Revision 1, Idaho National Laboratory, Idaho Falls, Idaho, 2017.

    Google Scholar 

  11. M. Locasto and D. Balenson, A comparative analysis approach for deriving failure scenarios in the natural gas distribution infrastructure, in Critical Infrastructure Protection XIII, J. Staggs and S. Shenoi (Eds.), Springer, Cham, Switzerland, pp. 19–50, 2019.

    Google Scholar 

  12. M. Locasto and D. Balenson, Threat intelligence for grid recovery, presented at the More Situational Awareness for Industrial Control Systems (MOSAICS) Industry Day (www.rdp21.org/wp-content/uploads/2020/11/MOSAICS-Industry-Day-SRI-TIGR-v3-1.pdf), 2020.

    Google Scholar 

  13. J. McCarthy, O. Alexander, S. Edwards, D. Faatz, C. Peloquin, S. Symington, A. Thibault, J. Wiltberger and K. Viani, Situational Awareness for Electric Utilities, NIST Special Publication 1800-7, National Institute of Standards and Technology, Gaithersburg, Maryland, 2019.

    Google Scholar 

  14. M. Nielsen, General Electric: Natural Gas Compression, Cybersecurity for Energy Delivery Systems Peer Review, GE Research, Niskayuna, New York (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), 2020.

    Google Scholar 

  15. Office of Cybersecurity, Energy Security and Emergency Response, 2020 Cybersecurity for Energy Delivery Systems Peer Review, U.S. Department of Energy, Washington, DC (www.energy.gov/ceser/articles/2020-cybersecurity-energy-delivery-systems-peer-review), 2020.

    Google Scholar 

  16. Office of Cybersecurity, Energy Security and Emergency Response, Cybersecurity for Energy Delivery Systems 2020 Peer Review Presentations, U.S. Department of Energy, Washington, DC (www.energy.gov/ceser/cybersecurity-energy-delivery-systems-2020-peer-review-presentations), 2020.

    Google Scholar 

  17. Office of Cybersecurity, Energy Security and Emergency Response, Cybersecurity Research, Development and Demonstration (RD&D) for Energy Delivery Systems, U.S. Department of Energy, Washington, DC (www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/cybersecurity-research-development-and), 2020.

    Google Scholar 

  18. Office of Electricity, Liberty Eclipse Energy Cyber Incident Exercise, Exercise Summary Report, U.S. Department of Energy, Washington, DC (www.energy.gov/sites/default/files/2017/05/f34/LE%20FINAL%20Exercise%20Summary%201May2017_Public%20Doc.pdf), 2017.

    Google Scholar 

  19. Transportation Security Administration, Pipeline Security Guidelines, Springfield, Virginia (www.tsa.gov/sites/default/files/pipeline_security_guidelines.pdf), 2021.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. SRI International, San Diego, California, USA

    Tim Ellis

  2. Infrastructure Security Group, SRI International, Arlington, Virginia, USA

    David Balenson

  3. SRI International, Princeton, New Jersey, USA

    Michael Locasto

Authors
  1. Tim Ellis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David Balenson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael Locasto
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Balenson .

Editor information

Editors and Affiliations

  1. University of Tulsa, Tulsa, OK, USA

    Jason Staggs

  2. University of Tulsa, Tulsa, OK, USA

    Sujeet Shenoi

Rights and permissions

Reprints and permissions

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ellis, T., Balenson, D., Locasto, M. (2022). Cyber Security Awareness Requirements for Operational Technology Systems. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XV. ICCIP 2021. IFIP Advances in Information and Communication Technology, vol 636. Springer, Cham. https://doi.org/10.1007/978-3-030-93511-5_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-93511-5_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93510-8

  • Online ISBN: 978-3-030-93511-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation