Industrial cybersecurity refers to the protection of industrial control systems and associated networks that are used to monitor and control industrial processes. These systems are used in critical infrastructure industries such as power generation, water treatment, and oil and gas production, as well as in manufacturing systems, building automation systems and many other contexts.
The field of industrial cybersecurity is evolving rapidly, driven by the challenges of digital transformation. Today, industrial cybersecurity must adapt to increased connectivity between IT and industrial networks, as well as heightened attack sophistication and volumes. In recent years, we are seeing a attacks that impair or shut down industrial systems more than double annually.
The primary objectives of industrial cybersecurity are to ensure safety, reliability, and efficiency. Safety refers to preventing any harm to individuals or the environment. Reliability pertains to maintaining the smooth functioning of physical operations. Efficiency refers to keeping production costs low. Protecting information is not a primary focus, which is why practitioners rely on industrial standards such as the IEC 62443 series, NIST 800-82, and ANSSI standards for industrial cybersecurity, rather than IT standards such as ISO27001. A related methodology is Secure Operations Technology (SEC-OT), focused on protecting physical operations. SEC-OT follows the following principles: