Last week you identified failure scenarios that could cause a high consequence event when OT is compromised. This week’s task is simple and important.

For each failure scenario from Week 15, identify a solution that would prevent the high consequence event if OT were compromised and under the complete control of an attacker, that is, an attacker who has the same privileges on OT as your most trusted Engineer or Admin.

Consider the glass factory scenario from last week. The problem is that there is no way to lower the heat if the PLC controlling the heat is unavailable, whether due to a cyber attack or any other reason. One possible solution is to put a manual control by the production line. It might not provide the fine-grained control required to produce high quality glass, but it would allow the operations team to lower the temperature so the material could run through the line prior to shutdown. It would provide the material temperature control needed so that the production line is not lost.

Brainstorm solutions with a team of engineers, security professionals, and others with an open mind. Consider:

  • Manual controls when automation is unavailable
  • Unhackable safety or protection (no changeable cyber component)
  • Manual, process-based actions for high-risk functions (e.g., an operator must visually verify a reading and activate network access to allow the automation to run the function)
  • Safety or protection that is not accessible from OT (see Week 17 for design details)

You are looking for the solution with the most certainty and lowest cost. 

_________

Failure Scenario 1

High Consequence Event Avoidance Solution 1

_________

Failure Scenario 2

High Consequence Event Avoidance Solution 2

_________

Failure Scenario 3

High Consequence Event Avoidance Solution 3