Security of Operational Technology Systems
The aim of this section is to provide basic information on cybersecurity for all operators of industrial devices. Information on cybersecurity of industrial systems is also essential for designers, suppliers and manufacturers of devices.
This section is intended for top managers of IT, energy, strategy, planning, investment, procurement as well as for operation and maintenance managers and technical staff.
Today, we are witnessing a new era when the term cybersecurity is also transferred to industrial systems that use a processor technology too. These systems are referred to in professional practice as OT systems (Operational technology).
- More information in Technological and Functional Difference between IT and OT
Cyberattacks on OT systems are related to the existence of specialized malicious codes – malware. As an evidence there were several cybersecurity incidents caused by malware such as STUXNET, INDUSTROYER, WANNACRY or LOCKERGOGA, resulting in extensive damage to industrial and power devices.
Such malware brings new serious vulnerabilities and threats that debunk deep-rooted myths about cybersecurity of OT systems.
- More information in Myths and Superstitions
Addressing cybersecurity of OT systems requires a conceptual and systematic approach (there is no “catalogue” solution) and is based on internationally recognized standards and directives.
Different institutions around the world are looking for effective cybersecurity solutions for industrial OT systems. Individual concepts of solutions have their historical evolution, differ according to place and time of their origin and approach cybersecurity from different points of view.
- More information in Concepts and Standards for Cybersecurity of OT Systems
Industrial control systems are in terms of deployment areas and so-called impact criteria (i.e. depending on the extent and severity of possible damages and consequences caused by cyber incidents) divided into systems for non-critical infrastructure (manufacturing systems, building automation, etc.) and systems for critical infrastructure (energy, water, gas, transport, chemistry, metallurgy, etc.).
An internationally accepted and tested in practice directive on addressing cybersecurity of control systems of critical infrastructure devices is the BDEW White Paper (2nd updated edition, 7 May 2018).
- More information in Recommendations for Energy Sector
For more information, please contact the National Cyber Security Centre SK-CERT.
- More information in FAQ