The cybersecurity dimension of critical [energy] infrastructure

The advances in information and communications technologies have provided possibilities for new functions, features and efficiencies in remotely managing and controlling industrial processes and services essential to the national economy and well-being of our societies. Unfortunately for every new feature introduced by these wonderful enabling technologies there is a vulnerability that can cause an unintentional accident or be intentionally exploited by an adversary. This is well understood by specialists working in Information Technology (IT) and there are well established best practices for protecting computers, data, websites, and networks. However, in protecting critical infrastructure and the technologies used by Industrial Control Systems (ICS) or Operational Technology (OT) the IT security practices that are very good at protecting data and networks do not fully apply in protecting a physical process or preserving a desired process state. For example safely monitoring and controlling the physical processes in generating electricity at a nuclear power station (flow of coolant), insuring the right level of chemicals are added to drinking water, refining crude oil at a petrochemical plant, pumping liquid fuel or compressed gas down a pipeline or safely running a railway system. This presentation will point out the peculiarities and challenges faced by security practitioners in protecting the supporting ICS technologies of these complex systems that provide the technical foundation for modern economic life, insuring national security and well-being of society.