Part 3 of an ongoing collaboration between General Electric and Dragos.
This paper is intended to improve engineers' awareness of emerging security capabilities, helping them hold better conversations with cybersecurity professionals about securely implementing the business and engineering requirements that add value. It explores how engineers can guide the implementation of good industrial control system (ICS) security into the future as next-generation control systems and connectivity requirements emerge (e.g., Industrial Internet of Things (IIoT) or Industry 4.0). It assumes some knowledge of the basics and focuses on what engineers should learn to design next-generation security around the business and engineering requirements of ICS.
The paper presents a framework of sliding scales for building intuition about the level of protection generally desired, based on your degree of connectivity and remote control in combination with the level of threat you assume from the similarity between your operations (e.g., industry) and those of victims being targeted. It describes each level of the scale in greater detail and provides examples of emerging capabilities that could serve as a foundation for creative security system designs, reinforcing the idea that ICS should be treated as systems in which security is part of the design and evolution, rather than a patch applied after the system is in operation.