Cyber-physical systems risk landscape and its impact on human safety

Thursday
 
28
 
November
1:00 pm
 - 
1:40 pm
Topic
Internet of Things / Operational Technology
Agenda
Sign in to add this session to your agenda
Add to My AgendaAdded to My Agenda
Location
Room 103
Theme
Cyber Security Infrastructure

Speakers

Jason Pearce
Jason Pearce

Jason Pearce

Jason Pearce

Field CTO Asia Pacific & Japan
Claroty

Synopsis

As our world becomes increasingly interconnected, the industrial landscape faces unprecedented challenges in securing critical infrastructure against cyber threats. This in-depth presentation delves into the evolving risk landscape, emphasizing the intersection of technology, human behavior, and safety. By understanding these dynamics, we can fortify our defenses and safeguard both digital assets and human lives.

Introduction

The convergence of operational technology (OT) and information technology (IT) has revolutionized industries, enabling efficiency, automation, and innovation. However, this integration also exposes vulnerabilities, making industrial systems susceptible to cyberattacks. In this comprehensive review, we explore the multifaceted risk landscape and its profound implications for human safety.

Why Threat Actors Target Industrial Cyber-Physical Systems:

Attractive Entry Points to IT Systems:

  • Interconnectedness: CPS systems often share networks with IT systems. An attack on an OT component can serve as a gateway to infiltrate broader IT infrastructure.
  • Less Stringent Security: OT historically prioritized safety over security, resulting in less robust defenses. Threat actors exploit this gap to pivot into IT networks.
  • Criticality: Disrupting industrial processes has cascading effects. By compromising OT, attackers can impact IT systems vital for business continuity.
  • Economic Gain: Ransomware attacks targeting OT can extort organizations, leveraging the urgency of operational disruptions.
  • Espionage and Sabotage: Nation-states and competitors seek intellectual property, trade secrets, or strategic advantages by infiltrating OT and subsequently IT.

Difference in Human Risk vs. Human Safety between IT and OT:

IT Cybersecurity (Human Risk):

  • Focus: IT systems emphasize data availability, striving to ensure information is accessible and secure.
  • Consequences: Failures in IT security primarily impact data integrity, privacy, and business continuity.

OT Cybersecurity (Human Safety):

  • Focus: OT shifts its focus to safety and reliability, where downtime or disruptions can lead to physical hazards, accidents, and potential harm to humans or the environment.
  • Consequences: CPS vulnerabilities directly affect human lives, environmental well-being, and critical infrastructure functionality.

Mitigation Strategies: Balancing Technology and Human Factors

This section will discuss why there is a need to balance technology and human factors to improve organizational resilience, focusing on the key areas of:

Human-Centric Approach:

  • Safety Culture
  • Employee engagement: Involve all levels of the organization.

Technology Measures:

  • Network Segmentation
  • Patch Management
  • Access Controls
  • Incident Response Plans
  • Industry Partnerships and Government Involvement

Conclusion:

Securing Our Industrial Future

Industrial cybersecurity is not just about protecting data; it’s about safeguarding lives. By addressing the Cyber-Physical Systems risk landscape holistically and prioritizing human safety, we can build resilient systems that withstand cyber threats while ensuring the well-being of our communities. Let us collectively work toward a safer, more secure industrial ecosystem.

Back to Program

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.

Acknowledgement of Country