Operational Technology (OT), as distinct from Information Technology (IT), refers to the hardware and software that controls an industrial process. Despite increasing similarities between OT and IT architectures and components there are quite fundamental differences in the make-up of cyber attacks on each. In To Kill a Centrifuge, an in-depth technical analysis of the Stuxnet attack, Ralph Langner has already identified three distinct layers of a sophisticated cyber-physical attack: the IT, the Industrial Control Systems (ICS) and the physical layers. The SANS Institute in the U.S. has recently published an anatomy of cyber attacks on ICS, involving two multi-phase stages: 1) cyber intrusion preparation and execution – what can be thought of as intelligence gathering; and 2) ICS attack development and execution.
I’ve just returned from the Cyber Security Show 2016, held 8-9 March 2016 at the Business Design Centre, Islington. This incorporated an exhibition and conference, one of the major annual cyber security conferences in the UK, for which I was Chairman for the two days.
It is a particularly interesting time in the world of Cyber Security. Just a month ago, President Obama launched the U.S. Cybersecurity National Action Plan. The measures announced include the creation of a Commission on Enhancing National Cybersecurity, a $3.1bn Information Technology Modernization Fund, a new National Cybersecurity Awareness Campaign to empower Americans to better secure their online accounts, and a $19bn investment in cyber during the 2017 Fiscal year.