Guide to Operational Technology (OT) Security

Stouffer, Keith; Pease, M. S.; Tang, CheeYee; Zimmerman, Timothy; Pillitteri, Victoria; Lightman, Suzanne

doi:10.6028/nist.sp.800-82r3.ipd

Cited by 27 publications

(27 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Given the importance of semiconductor manufacturing globally, nation-state campaigns such as Operation Skeleton Key (Osborne 2020) against Taiwanese manufacturers underscore the need to quantify the risk of targeted, cyber-originating disruptions to semiconductor manufacturing. This aligns with recent efforts, including the SEMI Cybersecurity Standard, Specification for Malware Free Equipment Integration (SEMI 2022), as well as NIST 800-82, Guide to Operational Technology (OT) Security (Stouffer et al 2022).…”

Section: Introductionsupporting

confidence: 76%

“…Our work focuses on cyber-originating disruption models for semiconductor manufacturing and as such, augments the well-known reference model for the Intel Minifab (Kempf 1994) with concepts based on the Purdue Enterprise Reference Architecture (PERA) for Operational Technology (OT) (Williams 1994;ENISA 2018;Langill, Hegrat, and Peterson 2019). There are a variety of emerging cybersecurity standards within the industry including the SEMI Cybersecurity Standard, specification of malware-free equipment integration (SEMI 2022); the NISTIR 8183A, Cybersecurity Framework Manufacturing Profile (Stouffer et al 2019); and more generally the Guide to Operational Technology Security (NIST 800-82r3) (Stouffer et al 2022). Texas Instruments recently motivated the need for a Cyber-Physical IT assessment tool for semiconductor manufacturing companies (Cayetano et al 2018).…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Simulating Energy and Security Interactions in Semiconductor Manufacturing: Insights from the Intel Minifab Model

Weaver

William

Hasenbein

et al. 2022

2022 Winter Simulation Conference (WSC)

View full text Add to dashboard Cite

Semiconductor manufacturing, particularly wafer fabrication, is a highly complex system of processes and workflows. Fabrication facilities must deal with re-entrant flows to support multiple types of wafers being produced simultaneously, each with their own deadlines and specifications. The manufacturing process itself depends upon the ability to control and programmatically adjust a variety of environmental conditions. In addition, wafer fabrication consumes large amounts of energy, particularly electricity.

show abstract

Section: Introductionsupporting

confidence: 76%

Section: Related Workmentioning

confidence: 99%

Simulating Energy and Security Interactions in Semiconductor Manufacturing: Insights from the Intel Minifab Model

Weaver

William

Hasenbein

et al. 2022

2022 Winter Simulation Conference (WSC)

View full text Add to dashboard Cite

show abstract

“…A DCS enables distributed control within a defined geographic area, whereas SCADA systems are used for centralised control and monitoring of geographically scattered assets (Yadav and Paul, 2021). Building automation systems (BAS), physical access control systems (PACS), and safety systems are additional ICS (Stouffer et al, 2022). Common ICS and their components are covered in this section, including the sectors in which they are typically used.…”

Section: Industrial Control Systemsmentioning

confidence: 99%

An Analysis of Critical Cybersecurity Controls for Industrial Control Systems

Sekonya

Sithungu

2023

eccws

View full text Add to dashboard Cite

Industrial Control Systems (ICS) comprise software, hardware, network systems, and people that manage and operate industrial processes. Supervisory Control and Data Acquisition Systems (SCADA) and Distributed Control Systems (DCS) are two of the most prevalent ICS. An ICS facilitates the effective and efficient management and operation of industrial sectors, including critical infrastructure sectors like utilities, manufacturing, and water treatment facilities. An ICS collects and integrates data from various field controllers deployed in industrial contexts, enabling operators to make data-driven decisions in managing industrial operations. Historically, ICS were isolated from the internet, functioning as part of air-gapped networks. However, the efficiency improvements brought about by the emergence of Information Technology necessitated a shift towards a more connected industrial environment. The convergence of Information and Operational Technology (IT/OT) has made ICS vulnerable to cyberattacks. Due to the crucial nature of the infrastructure that ICS manage, cyberattacks against ICS may cause critical infrastructure sectors to experience downtime. This may have a crippling impact on a country's well-being and essential economic activities. Given the proliferation of cyber warfare, cyberattacks against ICS are increasingly significant at present, as was the case during the 2015 attack on Ukraine's power infrastructure, which was successful in causing a blackout that affected over 200 000 persons. The threat actors used malicious software known as "BlackEnergy3", which was created to interfere with the regular operation of the ICS in charge of controlling electrical substations. This was the first known instance of malicious software causing blackouts. In response to increasing cyberattacks against ICS, the SANS Institute, in a whitepaper titled “The Five ICS Cybersecurity Critical Controls”, present five critical controls for an ICS cybersecurity strategy. This paper discusses ICS and the increased convergence of IT and OT. The paper also outlines significant cyberattacks directed at ICS. The paper then follows an exploratory research methodology done in response to the Five ICS Cybersecurity Critical Controls to determine the state of ICS literature that can help ICS operators secure their environments in accordance with the framework. Additionally, the ICS Cybersecurity Critical Controls are mapped to the NERC CIP standards, which provide guidance on the security of the Bulk Electric System (BES) and associated critical assets in North America.

show abstract

“…This issue is not a problem while dealing with an event in IT environments because, in most cases, the IT system is under the full responsibility and control of one department, the IT department. However, this is not the case in OT [2]. A primary aspect that affects incident handling in OT is the number of stakeholders (e.g., operators, maintenance teams, engineers, cyber analysts) doing some level of analysis in the system.…”

Section: Main Incident Response Challenge In Otmentioning

confidence: 99%

Digital Forensics and Incident Response (DFIR) framework for Operational Technology (OT)

Salfati¹,

Pease²

2022

Self Cite

View full text Add to dashboard Cite

This document provides a new Digital Forensics and Incident Response (DFIR) framework dedicated to Operational Technology. This framework expands the traditional technical steps of IT Incident Response by giving an Incident Response procedure based on event escalation and provides techniques for OT Digital Forensics. The document begins with an overview of OT DFIR while discussing DFIR terms in general and explaining the unique properties of DFIR in OT. Later, the document describes the needed preparations for OT DFIR, such as an IRT establishment and Digital Forensics lab tools. Finally, the document provides the suggested OT DFIR framework with a detailed explanation of its phases and steps.

show abstract

Guide to Operational Technology (OT) Security

Abstract: All comments are subject to release under the Freedom of Information Act (FOIA).NIST SP 800-82r3 Guide to Operational Technology (OT) Security

Cited by 27 publications

References 1 publication

Simulating Energy and Security Interactions in Semiconductor Manufacturing: Insights from the Intel Minifab Model

Simulating Energy and Security Interactions in Semiconductor Manufacturing: Insights from the Intel Minifab Model

An Analysis of Critical Cybersecurity Controls for Industrial Control Systems

Digital Forensics and Incident Response (DFIR) framework for Operational Technology (OT)

Contact Info

Product

Resources

About