In the realm of cybersecurity, a new approach known as Cyber-Informed Engineering (CIE) is gaining traction among operational technology (OT) and IT teams. This collaboration between OT and engineering teams, as well as IT and enterprise cybersecurity teams, represents a significant shift in addressing cyber risks to physical operations—an area that has been historically challenging to secure.
The escalating threat landscape facing OT environments only emphasizes the urgency of bringing together these diverse teams to combat cyber threats. A recent report by Waterfall / ICSStrive revealed that in 2023, more than 68 cyber-attacks resulted in the shutdown, damage, or physical impact of over 500 OT sites. This alarming trend of attacks has escalated dramatically in recent years, highlighting the need for a comprehensive and collaborative approach to OT security.
Ransomware attacks are the most common cause of shutdowns in OT environments, but other forms of attacks such as hacktivist, supply chain, and nation-state attacks are also on the rise. What’s particularly concerning is the convergence of sophisticated ransomware groups and nation states sharing attack tools, blurring the lines between different threat actors.
One of the key challenges in securing OT networks is the fundamental difference between OT and IT systems. While IT networks primarily deal with protecting information assets, OT networks automate physical processes that can have serious safety and operational implications. This unique aspect of OT networks requires a tailored approach to cybersecurity that prioritizes the protection of physical operations above all else.
Additionally, engineering teams in charge of OT systems face stringent requirements around change control and risk management. Any proposed changes to OT networks must undergo thorough evaluation to assess the potential impact on safety and operational efficiency. Engineering Change Control (ECC) processes ensure that any modifications to OT systems are carefully considered and implemented to minimize risks. However, implementing these changes can be costly and resource-intensive, especially for organizations with limited engineering capabilities.
Recognizing the need for a holistic approach to OT security, Idaho National Laboratory has introduced the Cyber-Informed Engineering (CIE) initiative. CIE aims to bridge the gap between cybersecurity and engineering disciplines by leveraging the expertise of both teams to address cyber threats to physical operations. By integrating cybersecurity knowledge with engineering tools for managing physical risk, CIE offers a comprehensive solution to the evolving threats facing OT environments.
One of the key principles of CIE is the concept of “spending the whole coin,” which emphasizes the importance of leveraging both cybersecurity and engineering solutions to enhance OT security. By combining traditional engineering safeguards, such as mechanical protections, with cybersecurity measures, organizations can create a robust defense against cyber threats that could jeopardize physical operations.
Despite the transformative potential of CIE, its adoption represents a significant shift in the OT security landscape. As engineering teams and security professionals familiarize themselves with this new approach, they are recognizing the inherent value in integrating engineering tools and cybersecurity practices to fortify OT systems. By leveraging the collective expertise of both disciplines, organizations can address the complex challenges of OT security in a more effective and cost-efficient manner.
In conclusion, Cyber-Informed Engineering heralds a new era of collaboration between IT, OT, and engineering teams to enhance the security of critical infrastructure and physical operations. By embracing a holistic approach that combines cybersecurity knowledge with engineering best practices, organizations can better defend against the evolving threats facing OT environments. As the cybersecurity landscape continues to evolve, initiatives like CIE offer a promising path forward in safeguarding OT systems from malicious actors.